Hi,
I noticed pfctl crashes with a segfault when anchors go too deep:
--8<-----------------------------------
$ cat ~/pf.conf | head -5
anchor foo {
anchor foo {
anchor foo {
anchor foo {
anchor foo {
$ grep anchor ~/pf.conf | wc -l
66
$ /sbin/pfctl -nf ~/pf.conf
Segmentation fault (core dumped)
----------------------------------->8--
It seems there is no check that we fit into pfctl.astack[]. The attached
patch resolves this issue:
--8<-----------------------------------
$ ./pfctl -nf ~/pf.conf
pfctl: pfa_anchor: anchors too deep
$ grep anchor ~/pf2.conf | wc -l
63
$ ./pfctl -nf ~/pf2.conf
$
----------------------------------->8--
Petr
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index 15555e7ce21..5e19c5f39da 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -846,6 +846,8 @@ pfa_anchor : '{'
/* steping into a brace anchor */
pf->asd++;
+ if (pf->asd >= PFCTL_ANCHOR_STACK_DEPTH)
+ errx(1, "pfa_anchor: anchors too deep");
pf->bn++;
pf->brace = 1;
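
Review bot: the new check on pf->asd exits through errx(1, ...) with a message that names the grammar rule (pfa_anchor) instead of the config file and line where the nesting became too deep, so a user with a long pf.conf has to count braces to find the offending anchor. Consider reporting it through the parser's error path (yyerror() followed by YYERROR) so the line number is printed, and putting the limit itself in the message. Placing the test directly after pf->asd++ and before pf->bn++ rejects the input before the incremented depth is used any further; since the array is not visible in this hunk, a one-line comment saying that the test guards indexing into pf->astack[] would make the intent clear to the next reader.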