Summary: | Out-of-bounds read in pfctl(8) when run with -a “” (as in “periodic daily”). | ||
---|---|---|---|
Product: | Base System | Reporter: | Robert Watson <rwatson> |
Component: | bin | Assignee: | freebsd-pf (Nobody) <pf> |
Status: | New --- | ||
Severity: | Affects Only Me | CC: | jrtc27, kp |
Priority: | --- | ||
Version: | CURRENT | ||
Hardware: | Any | ||
OS: | Any |
Description
Robert Watson
![]() ![]() A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=298663855015c1eba7ccf5b88168f433653eb609 commit 298663855015c1eba7ccf5b88168f433653eb609 Author: Jessica Clarke <jrtc27@FreeBSD.org> AuthorDate: 2022-05-22 08:31:42 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2022-05-22 08:31:42 +0000 pfctl: fix out-of-bounds access If pfctl is called with "pfctl -a ''" we read outside of the anchoropt buffer. Check that the buffer is sufficiently long to avoid that. Maintain the existing (and desired, because it's used as such in /etc/periodic/security/520.pfdenied) behaviour of treating "-a ''" as a request for the root anchor (or no anchor specified). PR: 264128 Reviewed by: kp sbin/pfctl/pfctl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) |