git: 8fb5dc88ad8e - stable/14 - pf: fix overly large copy in pf_rule_to_krule()

From: Kristof Provost <kp_at_FreeBSD.org>
Date: Tue, 11 Jun 2024 13:27:41 UTC
The branch stable/14 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=8fb5dc88ad8edbf3ab2a60fff4c2af2ad71fceae

commit 8fb5dc88ad8edbf3ab2a60fff4c2af2ad71fceae
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2024-06-04 12:55:02 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2024-06-11 06:06:04 +0000

    pf: fix overly large copy in pf_rule_to_krule()
    
    The timeout array in struct pf_rule has PFTM_OLD_MAX entries; the one in
    struct pf_krule has PFTM_MAX entries (and PFTM_MAX > PFTM_OLD_MAX).
    Use the smaller of the sizes when copying.
    
    Reported by:    CheriBSD
    MFC after:      1 week
    Event:          Kitchener-Waterloo Hackathon 202406
    
    (cherry picked from commit 4779b16fa61f858ad5c449834f550fbd5e162d98)
---
 sys/netpfil/pf/pf_ioctl.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
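The size mismatch the commit describes, in miniature, as an added example that is not pf code and not part of the original page: two structs whose timeout arrays differ in length (the struct and field names, and the values OLD_MAX and NEW_MAX standing in for PFTM_OLD_MAX and PFTM_MAX, are assumptions), a function that computes how far past the end of the source array the original bcopy sized by the destination would have read, and a copy bounded by the smaller array that also enforces the "source is smaller" invariant at compile time and zeroes the destination entries the source cannot supply.

```c
/* Added example, not pf code. Names and array sizes are assumptions
 * standing in for struct pf_rule / struct pf_krule and
 * PFTM_OLD_MAX / PFTM_MAX. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define OLD_MAX 4   /* assumed stand-in for PFTM_OLD_MAX */
#define NEW_MAX 6   /* assumed stand-in for PFTM_MAX (must exceed OLD_MAX) */

struct user_rule {          /* stand-in for struct pf_rule (the ioctl ABI) */
	uint32_t timeout[OLD_MAX];
	uint32_t max_states;
};

struct kern_rule {          /* stand-in for struct pf_krule */
	uint32_t timeout[NEW_MAX];
	uint32_t max_states;
};

#define MIN(a, b) ((a) < (b) ? (a) : (b))

/* The invariant the commit's comment relies on, checked at compile time
 * so a future growth of the user-visible array fails the build instead of
 * turning an over-read into an over-write. */
_Static_assert(sizeof(((struct user_rule *)0)->timeout) <=
    sizeof(((struct kern_rule *)0)->timeout),
    "user timeout array must not be larger than the kernel one");

/*
 * Bytes that the original
 *   bcopy(rule->timeout, krule->timeout, sizeof(krule->timeout))
 * would read past the end of rule->timeout.  Pure size arithmetic, so the
 * out-of-bounds read itself is never performed here.
 */
size_t
buggy_overread_bytes(void)
{
	return sizeof(((struct kern_rule *)0)->timeout) -
	    sizeof(((struct user_rule *)0)->timeout);
}

/*
 * Corrected copy: bounded by the smaller array (what the fix does), and in
 * addition the tail entries the smaller source cannot fill are set to 0
 * rather than left holding whatever the destination contained.
 */
void
rule_to_krule_timeouts(const struct user_rule *rule, struct kern_rule *krule)
{
	size_t n = MIN(sizeof(rule->timeout), sizeof(krule->timeout));

	memcpy(krule->timeout, rule->timeout, n);
	memset((char *)krule->timeout + n, 0, sizeof(krule->timeout) - n);
}

/* Runs the corrected copy on constructed input; returns 1 if every
 * destination entry holds the expected value, 0 otherwise. */
int
demo(void)
{
	/* Constructed sample rule, not real pf data. */
	struct user_rule rule = { .timeout = { 10, 20, 30, 40 }, .max_states = 99 };
	struct kern_rule krule;
	size_t i;

	memset(&krule, 0xff, sizeof(krule));   /* poison to expose stale entries */
	rule_to_krule_timeouts(&rule, &krule);

	for (i = 0; i < OLD_MAX; i++)
		if (krule.timeout[i] != rule.timeout[i])
			return 0;
	for (; i < NEW_MAX; i++)
		if (krule.timeout[i] != 0)
			return 0;
	return 1;
}
```

The example uses memcpy where the kernel uses bcopy; the argument order differs but the sizing question is the same. With the assumed sizes, buggy_overread_bytes() is 8, i.e. two uint32_t entries beyond the source array, which is the kind of bounds violation a capability-checked build such as CheriBSD traps on even though a conventional build silently reads adjacent memory.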

diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
index 1a383ae6fd09..7c148d857144 100644
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -2071,7 +2071,8 @@ pf_rule_to_krule(const struct pf_rule *rule, struct pf_krule *krule)
 	krule->os_fingerprint = rule->os_fingerprint;
 
 	krule->rtableid = rule->rtableid;
-	bcopy(rule->timeout, krule->timeout, sizeof(krule->timeout));
+	/* pf_rule->timeout is smaller than pf_krule->timeout */
+	bcopy(rule->timeout, krule->timeout, sizeof(rule->timeout));
 	krule->max_states = rule->max_states;
 	krule->max_src_nodes = rule->max_src_nodes;
 	krule->max_src_states = rule->max_src_states;
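Review bot: the comment on the new bcopy line states the invariant but nothing enforces it; if pf_rule's timeout array ever grows past pf_krule's, this line silently becomes an over-write instead of an over-read. Suggest adding `_Static_assert(sizeof(rule->timeout) <= sizeof(krule->timeout), "...")` beside the copy, or copying `MIN(sizeof(rule->timeout), sizeof(krule->timeout))` as the commit message literally says. Also, entries PFTM_OLD_MAX through PFTM_MAX-1 of krule->timeout are now left untouched by this copy; worth confirming that the caller zero-initializes krule so those slots hold a defined value rather than stale memory.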