author | Vitaliy Makkoveev <mvs@cvs.openbsd.org> | 2024-05-17 18:58:27 +0000 |
---|---|---|
committer | Vitaliy Makkoveev <mvs@cvs.openbsd.org> | 2024-05-17 18:58:27 +0000 |
commit | 5cba20bfb7aa3c743542727da43679e9d1af4e99 (patch) | |
tree | aad5183645ed0018b5b1a5e96d9a428f77ad2aba /sys/net | |
parent | 58ab40bab178c74ea136ae435c10c7d3a364129e (diff) |
Fix uninitialized memory access in pfkeyv2_sysctl().
pfkeyv2_sysctl() reads the SA type from uninitialized memory if it is
not provided by the caller of sysctl(2) because of a missing length
check.
From Carsten Beckmann.
ok bluhm
Diffstat (limited to 'sys/net')
-rw-r--r-- | sys/net/pfkeyv2.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/sys/net/pfkeyv2.c b/sys/net/pfkeyv2.c index a6a1648e991..11d948bc070 100644 --- a/sys/net/pfkeyv2.c +++ b/sys/net/pfkeyv2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfkeyv2.c,v 1.260 2024/01/11 14:15:11 bluhm Exp $ */ +/* $OpenBSD: pfkeyv2.c,v 1.261 2024/05/17 18:58:26 mvs Exp $ */ /* * @(#)COPYRIGHT 1.1 (NRL) 17 January 1995 @@ -2705,7 +2705,10 @@ pfkeyv2_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, if (namelen < 1) return (EINVAL); w.w_op = name[0]; - w.w_satype = name[1]; + if (namelen >= 2) + w.w_satype = name[1]; + else + w.w_satype = SADB_SATYPE_UNSPEC; w.w_where = oldp; w.w_len = oldp ? *oldlenp : 0; |
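Review bot: In the pfkeyv2_sysctl() hunk, the new else branch silently turns a one-element name into SADB_SATYPE_UNSPEC, and nothing in the visible lines documents that an omitted SA type is meant to be treated as "unspecified". A short comment above `if (namelen >= 2)` stating that name[1] is optional and what the default means would make the intent clear to the next reader. The visible checks also only enforce a lower bound (`namelen < 1`), so a name with more than two components is accepted and the extra elements are ignored. If that is not intended, consider rejecting it next to the existing EINVAL check.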