d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

pfctl: fix out-of-bounds access

Browse Source 
If pfctl is called with "pfctl -a ''" we read outside of the anchoropt
buffer. Check that the buffer is sufficiently long to avoid that.

Maintain the existing (and desired, because it's used as such in
/etc/periodic/security/520.pfdenied) behaviour of treating "-a ''" as a
request for the root anchor (or no anchor specified).

PR:		264128
Reviewed by:	kp
This commit is contained in:
Jessica Clarke 2022-05-22 10:31:42 +02:00 committed by Kristof Provost
parent d94358e29d
commit 2986638550
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sbin/pfctl/pfctl.c
View File

@ -2864,7 +2864,7 @@ main(int argc, char *argv[])
if (anchoropt != NULL) {
int len = strlen(anchoropt);
if (anchoropt[len - 1] == '*') {
if (len >= 1 && anchoropt[len - 1] == '*') {
if (len >= 2 && anchoropt[len - 2] == '/')
anchoropt[len - 2] = '\0';
else