Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 3 Nov 2025 08:39:03 GMT
From:      Kristof Provost <kp@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: 70154de06926 - stable/14 - pf: improve add state validation
Message-ID:  <202511030839.5A38d3nv016608@gitrepo.freebsd.org>
index | next in thread | raw e-mail 

The branch stable/14 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=70154de06926aadf7efb50591e21a82aaf1b619a

commit 70154de06926aadf7efb50591e21a82aaf1b619a
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-10-29 10:40:52 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-11-02 14:06:44 +0000

    pf: improve add state validation
    
    Both for the DIOCADDSTATE ioctl and for states imported through pfsync packets.
    Add a test case to exercise this code path.
    
    Reported by:    Ilja Van Sprundel <ivansprundel@ioactive.com>
    MFC after:      3 days
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    
    (cherry picked from commit faacc0d968816cf8714c974b6d8df6191cfb0e0d)
---
 sys/netpfil/pf/if_pfsync.c              |  3 +++
 tests/sys/netpfil/pf/ioctl/validation.c | 26 ++++++++++++++++++++++++++
 2 files changed, 29 insertions(+)

diff --git a/sys/netpfil/pf/if_pfsync.c b/sys/netpfil/pf/if_pfsync.c
index 8c080b472653..2a5cb0612d36 100644
--- a/sys/netpfil/pf/if_pfsync.c
+++ b/sys/netpfil/pf/if_pfsync.c
@@ -530,6 +530,9 @@ pfsync_state_import(union pfsync_state_union *sp, int flags, int msg_version)
 
 	PF_RULES_RASSERT();
 
+	if (strnlen(sp->pfs_1301.ifname, IFNAMSIZ) == IFNAMSIZ)
+		return (EINVAL);
+
 	if (sp->pfs_1301.creatorid == 0) {
 		if (V_pf_status.debug >= PF_DEBUG_MISC)
 			printf("%s: invalid creator id: %08x\n", __func__,
diff --git a/tests/sys/netpfil/pf/ioctl/validation.c b/tests/sys/netpfil/pf/ioctl/validation.c
index 1ce8999dcb91..b18e30e5e6af 100644
--- a/tests/sys/netpfil/pf/ioctl/validation.c
+++ b/tests/sys/netpfil/pf/ioctl/validation.c
@@ -32,6 +32,7 @@
 #include <net/if.h>
 #include <net/pfvar.h>
 
+#include <errno.h>
 #include <fcntl.h>
 #include <stdio.h>
 
@@ -894,6 +895,30 @@ ATF_TC_CLEANUP(rpool_mtx2, tc)
 }
 
 
+ATF_TC_WITH_CLEANUP(addstate);
+ATF_TC_HEAD(addstate, tc)
+{
+	atf_tc_set_md_var(tc, "require.user", "root");
+	atf_tc_set_md_var(tc, "require.kmods", "pfsync");
+}
+
+ATF_TC_BODY(addstate, tc)
+{
+	struct pfioc_state st;
+
+	COMMON_HEAD();
+
+	memset(&st, 'a', sizeof(st));
+	st.state.timeout = PFTM_TCP_FIRST_PACKET;
+
+	ATF_CHECK_ERRNO(EINVAL, ioctl(dev, DIOCADDSTATE, &st) == -1);
+}
+
+ATF_TC_CLEANUP(addstate, tc)
+{
+	COMMON_CLEANUP();
+}
+
 ATF_TP_ADD_TCS(tp)
 {
 	ATF_TP_ADD_TC(tp, addtables);
@@ -918,6 +943,7 @@ ATF_TP_ADD_TCS(tp)
 	ATF_TP_ADD_TC(tp, tag);
 	ATF_TP_ADD_TC(tp, rpool_mtx);
 	ATF_TP_ADD_TC(tp, rpool_mtx2);
+	ATF_TP_ADD_TC(tp, addstate);
 
 	return (atf_no_error());
 }
help

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202511030839.5A38d3nv016608>