pf: Set the pfik_group for userspace

Userspace relies on this pointer to work out if the kif is a group or
not. It can't use it for anything else, because it's a pointer to a
kernel address. Substitute 0xfeedc0de for 'true', so that we don't leak
kernel memory addresses to userspace.

PR:		255852
Reviewed by:	donner
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D30284
Kristof Provost 2021-05-16 08:50:17 +02:00
parent b2ee069e8c
commit d69cc04014

@ -831,6 +831,14 @@ pf_kkif_to_kif(const struct pfi_kkif *kkif, struct pfi_kif *kif)
kif->pfik_flags = kkif->pfik_flags;
kif->pfik_tzero = kkif->pfik_tzero;
kif->pfik_rulerefs = kkif->pfik_rulerefs;
/*
* Userspace relies on this pointer to decide if this is a group or
* not. We don't want to share the actual pointer, because it's
* useless to userspace and leaks kernel memory layout information.
* So instead we provide 0xfeedcode as 'true' and NULL as 'false'.
*/
kif->pfik_group =
kkif->pfik_group ? (struct ifg_group *)0xfeedc0de : NULL;
}
void
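
Review bot: the new comment in pf_kkif_to_kif() spells the sentinel as 0xfeedcode, while the assignment below it writes 0xfeedc0de; the comment's spelling uses the letter o instead of the digit 0 and is not a valid hex literal, so it should be corrected to match the code. The value is also a bare magic number cast to struct ifg_group *; a named constant would make the intent clearer and give a single definition to search for. Since the field now holds a non-NULL value that is not a real address, the comment could say explicitly that userspace may only compare pfik_group against NULL and must never dereference it.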