freebsd-dev/sys/netpfil
Kristof Provost 8748b499c1 pf: Improve ioctl validation for DIOCRADDTABLES and DIOCRDELTABLES
The DIOCRADDTABLES and DIOCRDELTABLES ioctls can process a number of
tables at a time, and as such try to allocate <number of tables> *
sizeof(struct pfr_table). This multiplication can overflow. Thanks to
mallocarray() this is not exploitable, but an overflow does panic the
system.

Arbitrarily limit this to 65535 tables. pfctl only ever processes one
table at a time, so it presents no issues there.

MFC after:	1 week
2018-04-06 15:01:45 +00:00
ipfw Do not try to reassemble IPv6 fragments in "reass" rule. 2018-03-12 09:40:46 +00:00
pf pf: Improve ioctl validation for DIOCRADDTABLES and DIOCRDELTABLES 2018-04-06 15:01:45 +00:00