authorAlexandr Nedvedicky <sashan@cvs.openbsd.org>2020-04-19 22:31:07 +0000
committerAlexandr Nedvedicky <sashan@cvs.openbsd.org>2020-04-19 22:31:07 +0000
commit651ede8ac6c4e118e68dc0b0a3e8bf0222327a8f (patch)
treec86e80081c641b55b7f6120305675426ff353472
parent51d09c2ae0b6c2f2ec8d0ef27caa6b755c26ded6 (diff)
fix insufficient input sanitization in pf_rulecopyin() and pf_pool_copyin()
Reported-by: syzbot+d0639632a0affe0a690e@syzkaller.appspotmail.com
Reported-by: syzbot+ae5e359d7f82688edd6a@syzkaller.appspotmail.com
OK anton@
-rw-r--r--sys/net/pf_ioctl.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c
index da5edfeee9c..58480308bf2 100644
--- a/sys/net/pf_ioctl.c
+++ b/sys/net/pf_ioctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_ioctl.c,v 1.350 2020/04/12 11:56:52 mpi Exp $ */
+/* $OpenBSD: pf_ioctl.c,v 1.351 2020/04/19 22:31:06 sashan Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -2782,6 +2782,7 @@ pf_pool_copyin(struct pf_pool *from, struct pf_pool *to)
{
memmove(to, from, sizeof(*to));
to->kif = NULL;
+ to->addr.p.tbl = NULL;
}
int
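Review bot: The added `to->addr.p.tbl = NULL;` carries no comment saying why it is there, and the pattern around it (memmove of the whole struct, then resetting selected pointers) only protects the members someone remembered to list. Judging by the commit message, `from` holds caller-supplied data, so any pointer member of struct pf_pool that is not reset here would be kept in the kernel copy with a value the caller chose. A comment such as `/* from is caller-supplied: reset every kernel pointer; p.tbl presumably shares storage with p.dyn */` would make the rule visible to the next person who adds a member; the union layout is not shown in this diff and should be confirmed against the header. The same reset is repeated for `to->src.addr.p.tbl` and `to->dst.addr.p.tbl` in pf_rule_copyin in the next hunk, so a small static helper that clears the pointer part of an address wrapper would keep the three sites in step. pf_rule_copyin's body continues outside that hunk.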
@@ -2791,7 +2792,9 @@ pf_rule_copyin(struct pf_rule *from, struct pf_rule *to,
int i;
to->src = from->src;
+ to->src.addr.p.tbl = NULL;
to->dst = from->dst;
+ to->dst.addr.p.tbl = NULL;
/* XXX union skip[] */