Hi, I noticed pfctl crashes on segfault when anchors go too deep:
--8<-----------------------------------
$ cat ~/pf.conf | head -5
anchor foo {
anchor foo {
anchor foo {
anchor foo {
anchor foo {
$ grep anchor ~/pf.conf | wc -l
66
$ /sbin/pfctl -nf ~/pf.conf
Segmentation fault (core dumped)
----------------------------------->8--

It seems there is no check we fit into pfctl.astack[]. The attached patch resolves this issue:

--8<-----------------------------------
$ ./pfctl -nf ~/pf.conf
pfctl: pfa_anchor: anchors too deep
$ grep anchor ~/pf2.conf | wc -l
63
$ ./pfctl -nf ~/pf2.conf
$
----------------------------------->8--

Petr
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y index 15555e7ce21..5e19c5f39da 100644 --- a/sbin/pfctl/parse.y +++ b/sbin/pfctl/parse.y @@ -846,6 +846,8 @@ pfa_anchor : '{' /* steping into a brace anchor */ pf->asd++; + if (pf->asd >= PFCTL_ANCHOR_STACK_DEPTH) + errx(1, "pfa_anchor: anchors too deep"); pf->bn++; pf->brace = 1;
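Review bot: In the pfa_anchor action, errx(1, "pfa_anchor: anchors too deep") reports the overflow without saying where in the ruleset it happened. The run in the mail prints only "pfctl: pfa_anchor: anchors too deep", so with 66 nested anchors the user has to count braces to find the offending line. Consider reporting it through the parser's error path instead (in a yacc grammar that is usually yyerror("anchors too deep") followed by YYERROR) so the message carries the file and line, and drop the rule name pfa_anchor from the user-facing text. The placement itself looks right: the test sits directly after pf->asd++ and before the statements that follow, and >= rejects the value PFCTL_ANCHOR_STACK_DEPTH itself, which would be one past the end if astack[] is declared with that many entries. A short comment stating that astack[] is sized by PFCTL_ANCHOR_STACK_DEPTH would make the bound self-explanatory.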