CVSROOT: /cvs Module name: src Changes by: mb...@cvs.openbsd.org 2022/07/20 03:33:11
Modified files:
sbin/pfctl : pfctl.c
share/man/man4 : pf.4
sys/net : pf.c pf_ioctl.c pf_ruleset.c pfvar.h
Log message:
Add a pool for the allocation of the pf_anchor struct.
It was possible to exhaust kernel memory by repeatedly calling
pfioctl DIOCXBEGIN with different anchor names.
OK bluhm@
Reported-by: syzbot+9dd98cbce69e26f0f...@syzkaller.appspotmail.com
