Source-Changes-HG archive


[src/trunk]: src/sys/dist/pf/net make sure the "overload_tbl" member of "stru...



details:   https://anonhg.NetBSD.org/src/rev/f5c41e89619d
branches:  trunk
changeset: 761057:f5c41e89619d
user:      drochner <drochner%NetBSD.org@localhost>
date:      Wed Jan 19 19:58:02 2011 +0000

description:
make sure the "overload_tbl" member of "struct pf_rule" copied in
from userland is initialized (it is used by the kernel only)
fixes crash or data injection (CVE-2010-3830), usually by root user only
OpenBSD has rewritten the code to start with a zero'd struct and fills
in needed parts only - to be considered in case a newer pf version
is imported.

diffstat:

 sys/dist/pf/net/pf_ioctl.c |  6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)

diffs (34 lines):

diff -r 85393be20e06 -r f5c41e89619d sys/dist/pf/net/pf_ioctl.c
--- a/sys/dist/pf/net/pf_ioctl.c        Wed Jan 19 19:21:29 2011 +0000
+++ b/sys/dist/pf/net/pf_ioctl.c        Wed Jan 19 19:58:02 2011 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: pf_ioctl.c,v 1.42 2010/05/07 17:41:57 degroote Exp $   */
+/*     $NetBSD: pf_ioctl.c,v 1.43 2011/01/19 19:58:02 drochner Exp $   */
 /*     $OpenBSD: pf_ioctl.c,v 1.182 2007/06/24 11:17:13 mcbride Exp $ */
 
 /*
@@ -37,7 +37,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: pf_ioctl.c,v 1.42 2010/05/07 17:41:57 degroote Exp $");
+__KERNEL_RCSID(0, "$NetBSD: pf_ioctl.c,v 1.43 2011/01/19 19:58:02 drochner Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -1496,6 +1496,7 @@
                        if (pf_tbladdr_setup(ruleset, &pa->addr))
                                error = EINVAL;
 
+               rule->overload_tbl = NULL;
                if (rule->overload_tblname[0]) {
                        if ((rule->overload_tbl = pfr_attach_table(ruleset,
                            rule->overload_tblname)) == NULL)
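Review bot: The new `rule->overload_tbl = NULL;` ahead of the `overload_tblname[0]` check carries no comment, so it reads as a redundant store that a later cleanup could remove. Add a one-line comment saying the pointer is kernel-only and arrives holding whatever value userland placed in the copied-in struct, which is why it has to be cleared on the path where the table name is empty. The reset also covers only this one member; as the commit message notes, starting from a zeroed struct and filling in only the needed parts would treat any other kernel-only member the same way without a per-field assignment.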
@@ -1747,6 +1748,7 @@
                                if (pf_tbladdr_setup(ruleset, &pa->addr))
                                        error = EINVAL;
 
+                       newrule->overload_tbl = NULL;
                        if (newrule->overload_tblname[0]) {
                                if ((newrule->overload_tbl = pfr_attach_table(
                                    ruleset, newrule->overload_tblname)) ==
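Review bot: `newrule->overload_tbl = NULL;` repeats by hand the reset added for `rule` in the previous hunk, so the two copy-in paths can drift apart if another kernel-only member needs clearing later. Consider moving the reset and the `pfr_attach_table()` lookup into one helper called from both places, or at least put the same explanatory comment on both assignments.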


