[Midnightbsd-cvs] [MidnightBSD/src] b8a926: ipfilter: Prevent stack buffer overflow
Dag-Erling Smørgrav
noreply at github.com
Wed Dec 31 13:23:09 EST 2025
Branch: refs/heads/master
Home: https://github.com/MidnightBSD/src
Commit: b8a926bd402154ea7def5516c62b834bcf7e1e40
https://github.com/MidnightBSD/src/commit/b8a926bd402154ea7def5516c62b834bcf7e1e40
Author: Dag-Erling Smørgrav <des at FreeBSD.org>
Date: 2025-12-31 (Wed, 31 Dec 2025)
Changed paths:
M sbin/ipf/libipf/interror.c
M sys/netpfil/ipfilter/netinet/ip_sync.c
Log Message:
-----------
ipfilter: Prevent stack buffer overflow

When copying ipfs data from user space, don't just check that the payload
length is nonzero, but also that it does not exceed the size of the stack
buffer we're copying it into.

While we're at it, use a union to create a buffer of the exact size we
need instead of guessing that 2048 will be enough (and not too much).

Finally, check the size of the payload once it gets to where it's used.

MFC after: 3 days
Reported by: Ilja Van Sprundel <ivansprundel at ioactive.com>
Reviewed by: cy
Differential Revision: https://reviews.freebsd.org/D54194

(cherry picked from commit a34c50fbd2a52bb63acde82e5aec4cb57880e39b)
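The three checks the log message describes, as a userland C model; this is an added example, not the committed ipfilter code. The record layouts, `write_record`, `consume` and the `memcpy` standing in for `copyin()` are hypothetical names and assumptions chosen for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical record layouts; stand-ins, not ipfilter's real structures. */
struct rec_state  { uint32_t id; uint8_t body[120]; };
struct rec_nat    { uint32_t id; uint8_t body[200]; };
struct rec_update { uint32_t id; uint32_t seq; };
struct rec_hdr    { uint32_t table; uint32_t len; };  /* len is caller-controlled */
enum { TBL_STATE, TBL_NAT, TBL_UPDATE };

/* The union is exactly as large as the biggest payload: no guessed constant. */
union rec_buf { struct rec_state st; struct rec_nat nat; struct rec_update up; };

/* Point of use: re-check that the payload is large enough for the selected type. */
static int consume(uint32_t table, const union rec_buf *buf, size_t len)
{
    size_t need;

    switch (table) {
    case TBL_STATE:  need = sizeof(buf->st);  break;
    case TBL_NAT:    need = sizeof(buf->nat); break;
    case TBL_UPDATE: need = sizeof(buf->up);  break;
    default:         return EINVAL;
    }
    return len < need ? EINVAL : 0;
}

/* src/srclen model the user-space buffer; memcpy stands in for copyin(). */
int write_record(const uint8_t *src, size_t srclen)
{
    struct rec_hdr hdr;
    union rec_buf buf;

    if (srclen < sizeof(hdr))
        return EINVAL;
    memcpy(&hdr, src, sizeof(hdr));
    /* Nonzero AND no larger than the stack buffer AND actually present in the input. */
    if (hdr.len == 0 || hdr.len > sizeof(buf) || hdr.len > srclen - sizeof(hdr))
        return EINVAL;
    memcpy(&buf, src + sizeof(hdr), hdr.len);
    return consume(hdr.table, &buf, hdr.len);
}

int main(void)
{
    uint8_t in[sizeof(struct rec_hdr) + 4096] = {0};  /* constructed sample input */
    struct rec_hdr h = { TBL_NAT, 4096 };             /* claims more than fits */
    memcpy(in, &h, sizeof(h));
    return write_record(in, sizeof(in)) == EINVAL ? 0 : 1;
}
```

A nonzero-only test on `hdr.len` would let the second `memcpy` run past `buf`; bounding it by `sizeof(buf)` ties the limit to the types rather than to a constant that has to be kept in sync by hand.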