Date: Sun, 22 May 2022 08:59:54 GMT From: Kristof Provost <kp@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: 298663855015 - main - pfctl: fix out-of-bounds access Message-ID: <202205220859.24M8xsBh063660@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=298663855015c1eba7ccf5b88168f433653eb609 commit 298663855015c1eba7ccf5b88168f433653eb609 Author: Jessica Clarke <jrtc27@FreeBSD.org> AuthorDate: 2022-05-22 08:31:42 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2022-05-22 08:31:42 +0000 pfctl: fix out-of-bounds access If pfctl is called with "pfctl -a ''" we read outside of the anchoropt buffer. Check that the buffer is sufficiently long to avoid that. Maintain the existing (and desired, because it's used as such in /etc/periodic/security/520.pfdenied) behaviour of treating "-a ''" as a request for the root anchor (or no anchor specified). PR: 264128 Reviewed by: kp --- sbin/pfctl/pfctl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c index a1f8e5fedd4c..93d26e53d71d 100644 --- a/sbin/pfctl/pfctl.c +++ b/sbin/pfctl/pfctl.c @@ -2864,7 +2864,7 @@ main(int argc, char *argv[]) if (anchoropt != NULL) { int len = strlen(anchoropt); - if (anchoropt[len - 1] == '*') { + if (len >= 1 && anchoropt[len - 1] == '*') { if (len >= 2 && anchoropt[len - 2] == '/') anchoropt[len - 2] = '\0'; else
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202205220859.24M8xsBh063660>