freebsd-skq

History

kp 9fe8ed111f pf: Fix panic on invalid DIOCRSETTFLAGS If during DIOCRSETTFLAGS pfrio_buffer is NULL copyin() will fault, which we're not allowed to do with a lock held. We must count the number of entries in the table and release the lock during copyin(). Only then can we re-acquire the lock. Note that this is safe, because pfr_set_tflags() will check if the table and entries exist. This was discovered by a local syzcaller instance. MFC after: 1 week Event: Aberdeen hackathon 2019	2019-04-17 16:42:54 +00:00
..
ipfw	Use IN_foo() macros from sys/netinet/in.h inplace of handcrafted code	2019-04-04 19:01:13 +00:00
pf	pf: Fix panic on invalid DIOCRSETTFLAGS	2019-04-17 16:42:54 +00:00

kp 9fe8ed111f pf: Fix panic on invalid DIOCRSETTFLAGS

If during DIOCRSETTFLAGS pfrio_buffer is NULL copyin() will fault, which we're
not allowed to do with a lock held.
We must count the number of entries in the table and release the lock during
copyin(). Only then can we re-acquire the lock. Note that this is safe, because
pfr_set_tflags() will check if the table and entries exist.

This was discovered by a local syzcaller instance.

MFC after:	1 week
Event:		Aberdeen hackathon 2019

2019-04-17 16:42:54 +00:00

ipfw

Use IN_foo() macros from sys/netinet/in.h inplace of handcrafted code

2019-04-04 19:01:13 +00:00

pf: Fix panic on invalid DIOCRSETTFLAGS

2019-04-17 16:42:54 +00:00