The branch main has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=bc83b3592241a6bcb18e1537fcd27a8eb342a701
commit bc83b3592241a6bcb18e1537fcd27a8eb342a701 Author: Mark Johnston <[email protected]> AuthorDate: 2022-06-30 14:18:50 +0000 Commit: Mark Johnston <[email protected]> CommitDate: 2022-06-30 14:31:26 +0000 pf: Ensure that pfiio_name is always nul terminated Reported by: syzkaller Reviewed by: kp MFC after: 2 weeks Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D35660 --- sys/netpfil/pf/pf_ioctl.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index c50369a23aaf..3108536b58ab 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -5584,6 +5584,8 @@ DIOCCHANGEADDR_error: break; } + io->pfiio_name[sizeof(io->pfiio_name) - 1] = '\0'; + bufsiz = io->pfiio_size * sizeof(struct pfi_kif); ifstore = mallocarray(io->pfiio_size, sizeof(struct pfi_kif), M_TEMP, M_WAITOK | M_ZERO); @@ -5599,6 +5601,8 @@ DIOCCHANGEADDR_error: case DIOCSETIFFLAG: { struct pfioc_iface *io = (struct pfioc_iface *)addr; + io->pfiio_name[sizeof(io->pfiio_name) - 1] = '\0'; + PF_RULES_WLOCK(); error = pfi_set_flags(io->pfiio_name, io->pfiio_flags); PF_RULES_WUNLOCK(); @@ -5608,6 +5612,8 @@ DIOCCHANGEADDR_error: case DIOCCLRIFFLAG: { struct pfioc_iface *io = (struct pfioc_iface *)addr; + io->pfiio_name[sizeof(io->pfiio_name) - 1] = '\0'; + PF_RULES_WLOCK(); error = pfi_clear_flags(io->pfiio_name, io->pfiio_flags); PF_RULES_WUNLOCK();
