git: 6ee3e376823f - main - pf: fix incorrect anchor_call to userspace

From: Kristof Provost <kp_at_FreeBSD.org>
Date: Tue, 28 May 2024 20:31:26 UTC
The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=6ee3e376823fc16b04ab45663661f27246e7b004

commit 6ee3e376823fc16b04ab45663661f27246e7b004
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2024-05-24 11:20:12 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2024-05-28 20:27:22 +0000

    pf: fix incorrect anchor_call to userspace
    
    777a4702c changed how we copy out the anchor_call string, and
    incorrectly limited it to 8 (4 on 32-bit systems) bytes. Fix that so we
    get the full anchor path, rather than just the first few characters.
    
    PR:             279225
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 sys/net/pfvar.h             |  2 +-
 sys/netpfil/pf/pf_nl.c      |  2 +-
 sys/netpfil/pf/pf_ruleset.c | 14 +++++++-------
 3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index 88fb99ead84e..d1aa57a941cc 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -2474,7 +2474,7 @@ void			 pf_init_keth(struct pf_keth_ruleset *);
 int			 pf_kanchor_setup(struct pf_krule *,
 			    const struct pf_kruleset *, const char *);
 int			 pf_kanchor_copyout(const struct pf_kruleset *,
-			    const struct pf_krule *, char *);
+			    const struct pf_krule *, char *, size_t);
 int			 pf_kanchor_nvcopyout(const struct pf_kruleset *,
 			    const struct pf_krule *, nvlist_t *);
 void			 pf_kanchor_remove(struct pf_krule *);
diff --git a/sys/netpfil/pf/pf_nl.c b/sys/netpfil/pf/pf_nl.c
index 307e1ca1689d..8f0349d6f121 100644
--- a/sys/netpfil/pf/pf_nl.c
+++ b/sys/netpfil/pf/pf_nl.c
@@ -982,7 +982,7 @@ pf_handle_getrule(struct nlmsghdr *hdr, struct nl_pstate *npt)
 	nlattr_add_u64(nw, PF_RT_STATES_TOTAL, counter_u64_fetch(rule->states_tot));
 	nlattr_add_u64(nw, PF_RT_SRC_NODES, counter_u64_fetch(rule->src_nodes));
 
-	error = pf_kanchor_copyout(ruleset, rule, anchor_call);
+	error = pf_kanchor_copyout(ruleset, rule, anchor_call, sizeof(anchor_call));
 	MPASS(error == 0);
 
 	nlattr_add_string(nw, PF_RT_ANCHOR_CALL, anchor_call);
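Review bot: `sizeof(anchor_call)` at the new call is the buffer size only if `anchor_call` is declared as an array in pf_handle_getrule, and that declaration is outside this hunk. If it were a pointer, this would reintroduce the 8/4-byte truncation the commit fixes, so it is worth confirming it matches the `char anchor_call[MAXPATHLEN]` visible in pf_kanchor_nvcopyout. Separately, the result is checked only by `MPASS(error == 0)`, which is compiled out on kernels built without INVARIANTS. A non-zero return would then still reach `nlattr_add_string(nw, PF_RT_ANCHOR_CALL, anchor_call)`, and an explicit `if (error != 0)` path that fails the request would keep userspace from acting on a wrong anchor name. The same MPASS-only check follows the call in pf_kanchor_nvcopyout.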
diff --git a/sys/netpfil/pf/pf_ruleset.c b/sys/netpfil/pf/pf_ruleset.c
index 38cc1eae419f..fc0651f8a0e8 100644
--- a/sys/netpfil/pf/pf_ruleset.c
+++ b/sys/netpfil/pf/pf_ruleset.c
@@ -368,16 +368,16 @@ pf_kanchor_setup(struct pf_krule *r, const struct pf_kruleset *s,
 
 int
 pf_kanchor_copyout(const struct pf_kruleset *rs, const struct pf_krule *r,
-    char *anchor_call)
+    char *anchor_call, size_t anchor_call_len)
 {
 	anchor_call[0] = 0;
 
 	if (r->anchor == NULL)
 		goto done;
 	if (!r->anchor_relative) {
-		strlcpy(anchor_call, "/", sizeof(anchor_call));
+		strlcpy(anchor_call, "/", anchor_call_len);
 		strlcat(anchor_call, r->anchor->path,
-		    sizeof(anchor_call));
+		    anchor_call_len);
 	} else {
 		char	 a[MAXPATHLEN];
 		char	*p;
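Review bot: Every `strlcpy`/`strlcat` into `anchor_call` still discards its return value, here and in the later hunks (the `"../"` append, the relative-path append and the wildcard append), so a path that does not fit in `anchor_call_len` is silently truncated and reported to userspace as if it were complete. Since the function already returns an `int`, truncation could be reported, e.g. `if (strlcat(anchor_call, r->anchor->path, anchor_call_len) >= anchor_call_len)` followed by an error return; the function's tail is outside the visible hunks, so the exact return convention needs checking. Also, `anchor_call[0] = 0;` runs before the new length is examined; an `MPASS(anchor_call_len > 0);` ahead of it would document that a zero-length buffer is not a valid argument.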
@@ -391,7 +391,7 @@ pf_kanchor_copyout(const struct pf_kruleset *rs, const struct pf_krule *r,
 				p = a;
 			*p = 0;
 			strlcat(anchor_call, "../",
-			    sizeof(anchor_call));
+			    anchor_call_len);
 		}
 		if (strncmp(a, r->anchor->path, strlen(a))) {
 			printf("pf_anchor_copyout: '%s' '%s'\n", a,
@@ -400,12 +400,12 @@ pf_kanchor_copyout(const struct pf_kruleset *rs, const struct pf_krule *r,
 		}
 		if (strlen(r->anchor->path) > strlen(a))
 			strlcat(anchor_call, r->anchor->path + (a[0] ?
-			    strlen(a) + 1 : 0), sizeof(anchor_call));
+			    strlen(a) + 1 : 0), anchor_call_len);
 
 	}
 	if (r->anchor_wildcard)
 		strlcat(anchor_call, anchor_call[0] ? "/*" : "*",
-		    sizeof(anchor_call));
+		    anchor_call_len);
 
 done:
 
@@ -419,7 +419,7 @@ pf_kanchor_nvcopyout(const struct pf_kruleset *rs, const struct pf_krule *r,
 	char anchor_call[MAXPATHLEN] = { 0 };
 	int ret;
 
-	ret = pf_kanchor_copyout(rs, r, anchor_call);
+	ret = pf_kanchor_copyout(rs, r, anchor_call, sizeof(anchor_call));
 	MPASS(ret == 0);
 
 	nvlist_add_string(nvl, "anchor_call", anchor_call);