On Wed, Jan 08, 2020 at 07:18:54PM +0100, Benjamin Baier wrote:
> pfioctl() needs to ignore unknown af supplied from userland (root only)
> which can lead to kernel panic.
>
> This fixes [email protected]
> https://syzkaller.appspot.com/bug?id=18bd5fa9e22c139d0a4c34dd6c7c1f3fd6eec42a
I have committed your fix with error = EAFNOSUPPORT.
Thanks,
bluhm
> Index: pf_ioctl.c
> ===================================================================
> RCS file: /cvs/src/sys/net/pf_ioctl.c,v
> retrieving revision 1.347
> diff -u -p -r1.347 pf_ioctl.c
> --- pf_ioctl.c 26 Nov 2019 19:57:52 -0000 1.347
> +++ pf_ioctl.c 8 Jan 2020 17:33:26 -0000
> @@ -1807,6 +1807,18 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a
> int m = 0, direction = pnl->direction;
> int sidx, didx;
>
> + switch (pnl->af) {
> + case AF_INET:
> + break;
> +#ifdef INET6
> + case AF_INET6:
> + break;
> +#endif /* INET6 */
> + default:
> + error = EINVAL;
> + goto fail;
> + }
> +
> /* NATLOOK src and dst are reversed, so reverse sidx/didx */
> sidx = (direction == PF_IN) ? 1 : 0;
> didx = (direction == PF_IN) ? 0 : 1;
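
Review bot: the default: branch of the new switch sets error = EINVAL, which does not tell the caller that the address family was the rejected argument. EAFNOSUPPORT is the more specific errno for an unsupported pnl->af, and it is the value the reply above says was committed. The switch would also benefit from a one-line comment stating that pnl->af comes from userland and must be validated before use, since the two empty case bodies give no hint of why the check exists. With AF_INET6 under #ifdef INET6, a kernel built without INET6 correctly falls through to default and rejects it.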