git: 44117554b1ee - main - pf tests: pass NULL buffer to DIOCRCLRTSTATS

Wed Jan 13 19:49:56 UTC 2021

The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=44117554b1ee8edd66d7383c17802d5799fd18f2

commit 44117554b1ee8edd66d7383c17802d5799fd18f2
Author:     Kristof Provost <kp at FreeBSD.org>
AuthorDate: 2021-01-13 18:41:07 +0000
Commit:     Kristof Provost <kp at FreeBSD.org>
CommitDate: 2021-01-13 18:49:45 +0000

    pf tests: pass NULL buffer to DIOCRCLRTSTATS
    
    As discovered by syzcaller this used to provoke panics.
    
    MFC after:      1 week
---
 tests/sys/netpfil/pf/ioctl/validation.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/tests/sys/netpfil/pf/ioctl/validation.c b/tests/sys/netpfil/pf/ioctl/validation.c
index 5b1f61720f66..0d7f7631e91b 100644
--- a/tests/sys/netpfil/pf/ioctl/validation.c
+++ b/tests/sys/netpfil/pf/ioctl/validation.c
@@ -265,6 +265,11 @@ ATF_TC_BODY(clrtstats, tc)
 	io.pfrio_size = 1 << 24;
 	if (ioctl(dev, DIOCRCLRTSTATS, &io) != 0)
 		atf_tc_fail("Request with size 1 << 24 failed");
+
+	io.pfrio_size = sizeof(tbl);
+	io.pfrio_buffer = NULL;
+	if (ioctl(dev, DIOCRCLRTSTATS, &io) == 0)
+		atf_tc_fail("Request with NULL buffer succeeded");
 }
 
 ATF_TC_CLEANUP(clrtstats, tc)
