d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
6780e684d4
freebsd-nq/sys/netpfil/pf
History
Kristof Provost 6273ba66f2 pf: Avoid integer overflow issues by using mallocarray() iso. malloc() 
pfioctl() handles several ioctl that takes variable length input, these
include:
- DIOCRADDTABLES
- DIOCRDELTABLES
- DIOCRGETTABLES
- DIOCRGETTSTATS
- DIOCRCLRTSTATS
- DIOCRSETTFLAGS

All of them take a pfioc_table struct as input from userland. One of
its elements (pfrio_size) is used in a buffer length calculation.
The calculation contains an integer overflow which if triggered can lead
to out of bound reads and writes later on.

Reported by:	Ilja Van Sprundel <ivansprundel@ioactive.com>
2018-01-07 13:35:15 +00:00
..
if_pflog.c SPDX: license IDs for some ISC-related files. 2017-12-08 15:57:29 +00:00
if_pfsync.c SPDX: Fix some cases wrongly attributed to MIT. 2017-11-30 15:10:11 +00:00
in4_cksum.c SPDX: license IDs for some ISC-related files. 2017-12-08 15:57:29 +00:00
pf_altq.h sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
pf_if.c sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
pf_ioctl.c pf: Avoid integer overflow issues by using mallocarray() iso. malloc() 2018-01-07 13:35:15 +00:00
pf_lb.c sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
pf_mtag.h sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
pf_norm.c pf: Clean all fragments on shutdown 2017-12-31 10:01:31 +00:00
pf_osfp.c SPDX: license IDs for some ISC-related files. 2017-12-08 15:57:29 +00:00
pf_ruleset.c sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
pf_table.c sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
pf.c pf: Clean all fragments on shutdown 2017-12-31 10:01:31 +00:00
pf.h SPDX: license IDs for some ISC-related files. 2017-12-08 15:57:29 +00:00