[Bug 260958] pfctl: expand_rule: strlcpy

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 05 Jan 2022 18:19:33 UTC

            Bug ID: 260958
           Summary: pfctl: expand_rule: strlcpy
           Product: Base System
           Version: 13.0-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: thomas@gibfest.dk

Hello :)

A fun bug where a long-ish ipv6 address used in a reply-to in a pf ruleset
results in pfctl being unable to parse the ruleset.

The issue boiled down to a one line ruleset, one with a 16 byte address (which
fails) and the other with a 15 byte address (which works).

[tykling@nuc1 ~]$ cat trigger 
pass in reply-to { 2001:DB8:1234::5 }
[tykling@nuc1 ~]$ pfctl -nf trigger 
pfctl: expand_rule: strlcpy
[tykling@nuc1 ~]$ echo $?
[tykling@nuc1 ~]$ cat notrigger 
pass in reply-to { 2001:DB8:1234:: }
[tykling@nuc1 ~]$ pfctl -nf notrigger 
[tykling@nuc1 ~]$ echo $?
[tykling@nuc1 ~]$ uname -a
FreeBSD nuc1.servers.bornhack.org 13.0-STABLE FreeBSD 13.0-STABLE #1
stable/13-d208638c5: Wed Jan  5 13:32:08 UTC 2022    
root@nuc1.servers.bornhack.org:/usr/obj/usr/src/amd64.amd64/sys/GENERIC  amd64
[tykling@nuc1 ~]$ 

We first observed this on 12.2-STABLE a while back but I didn't get around to
reporting it until now, so I've just confirmed it is still an issue on a fresh

Thanks! :)

You are receiving this mail because:
You are the assignee for the bug.