svn commit: r302117 - head/sys/netpfil/pf
Bjoern A. Zeeb
bz at FreeBSD.org
Thu Jun 23 05:41:47 UTC 2016
Author: bz
Date: Thu Jun 23 05:41:46 2016
New Revision: 302117
URL: https://svnweb.freebsd.org/changeset/base/302117
Log:
Import a fix for an old security issue (CVE-2010-3830) in pf which
was not relevant to FreeBSD as only root could open /dev/pf by default.
With VIMAGE this will no longer be the case. As pf(4) starts to
be supported with VNETs 3rd party users may open /dev/pf inside the
virtual jail instance; thus we need to address this issue after all.
While OpenBSD largely rewrote code parts for the fix [1], and it's
unclear what Apple [3] did, import the minimal fix from NetBSD [2].
[1] http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf_ioctl.c.diff?r1=1.235&r2=1.236
[2] http://mail-index.netbsd.org/source-changes/2011/01/19/msg017518.html
[3] https://support.apple.com/en-gb/HT202154
Obtained from: http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/dist/pf/net/pf_ioctl.c.diff?r1=1.42&r2=1.43&only_with_tag=MAIN
MFC After: 2 weeks
Approved by: re (gjb)
Sponsored by: The FreeBSD Foundation
Security: CVE-2010-3830
Modified:
head/sys/netpfil/pf/pf_ioctl.c
Modified: head/sys/netpfil/pf/pf_ioctl.c
==============================================================================
--- head/sys/netpfil/pf/pf_ioctl.c Thu Jun 23 05:35:08 2016 (r302116)
+++ head/sys/netpfil/pf/pf_ioctl.c Thu Jun 23 05:41:46 2016 (r302117)
@@ -1254,6 +1254,7 @@ pfioctl(struct cdev *dev, u_long cmd, ca
error = ENOMEM;
}
+ rule->overload_tbl = NULL;
if (rule->overload_tblname[0]) {
if ((rule->overload_tbl = pfr_attach_table(ruleset,
rule->overload_tblname)) == NULL)
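Review bot: the added `rule->overload_tbl = NULL;` carries no comment, so nothing at this spot explains why the field must be cleared before the `overload_tblname[0]` test. A short comment saying that the pointer is only valid when it was set by `pfr_attach_table()` and must never keep a value that arrived through the ioctl (CVE-2010-3830) would stop a later cleanup from dropping the line as a redundant store.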
@@ -1511,6 +1512,7 @@ DIOCADDRULE_error:
error = ENOMEM;
}
+ newrule->overload_tbl = NULL;
if (newrule->overload_tblname[0]) {
if ((newrule->overload_tbl = pfr_attach_table(
ruleset, newrule->overload_tblname)) ==
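Review bot: `newrule->overload_tbl = NULL;` repeats the reset from the first hunk by hand, so the two paths now have to be kept in sync manually. Consider moving the reset and the `pfr_attach_table()` call for the overload table into one small helper used for both `rule` and `newrule`, or at least give both sites the same comment. Since the log says OpenBSD rewrote larger parts of this code for its fix, it is also worth confirming that no other pointer member of the rule needs the same treatment.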