CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

]> CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

projects / FreeBSD / FreeBSD.git / commit

author	kp <kp@FreeBSD.org>
	Wed, 17 Apr 2019 16:42:54 +0000 (16:42 +0000)
committer	kp <kp@FreeBSD.org>
	Wed, 17 Apr 2019 16:42:54 +0000 (16:42 +0000)
commit	9fe8ed111f18d413ebda396bfd9ade8d03fd41b3
tree	0d1a8996699fd57884dba021e66a472ca145a56a	tree \| snapshot
parent	bd857a3d8dc2407a5f98e8ed2eae54f98e1f4bee	commit \| diff

pf: Fix panic on invalid DIOCRSETTFLAGS

If during DIOCRSETTFLAGS pfrio_buffer is NULL copyin() will fault, which we're
not allowed to do with a lock held.
We must count the number of entries in the table and release the lock during
copyin(). Only then can we re-acquire the lock. Note that this is safe, because
pfr_set_tflags() will check if the table and entries exist.

This was discovered by a local syzcaller instance.

MFC after: 1 week
Event: Aberdeen hackathon 2019

sys/netpfil/pf/pf_ioctl.c

diff | blob | history

Unnamed repository; edit this file 'description' to name the repository.

RSS Atom