opnsense-src

mirror of https://github.com/opnsense/src.git synced 2026-04-26 00:27:08 -04:00

History

Kristof Provost 6273ba66f2 pf: Avoid integer overflow issues by using mallocarray() iso. malloc() pfioctl() handles several ioctl that takes variable length input, these include: - DIOCRADDTABLES - DIOCRDELTABLES - DIOCRGETTABLES - DIOCRGETTSTATS - DIOCRCLRTSTATS - DIOCRSETTFLAGS All of them take a pfioc_table struct as input from userland. One of its elements (pfrio_size) is used in a buffer length calculation. The calculation contains an integer overflow which if triggered can lead to out of bound reads and writes later on. Reported by: Ilja Van Sprundel <ivansprundel@ioactive.com>	2018-01-07 13:35:15 +00:00
..
ipfw	sys: general adoption of SPDX licensing ID tags.	2017-11-27 15:23:17 +00:00
pf	pf: Avoid integer overflow issues by using mallocarray() iso. malloc()	2018-01-07 13:35:15 +00:00

Kristof Provost 6273ba66f2 pf: Avoid integer overflow issues by using mallocarray() iso. malloc()

pfioctl() handles several ioctl that takes variable length input, these
include:
- DIOCRADDTABLES
- DIOCRDELTABLES
- DIOCRGETTABLES
- DIOCRGETTSTATS
- DIOCRCLRTSTATS
- DIOCRSETTFLAGS

All of them take a pfioc_table struct as input from userland. One of
its elements (pfrio_size) is used in a buffer length calculation.
The calculation contains an integer overflow which if triggered can lead
to out of bound reads and writes later on.

Reported by:	Ilja Van Sprundel <ivansprundel@ioactive.com>

2018-01-07 13:35:15 +00:00

ipfw

sys: general adoption of SPDX licensing ID tags.

2017-11-27 15:23:17 +00:00

pf: Avoid integer overflow issues by using mallocarray() iso. malloc()

2018-01-07 13:35:15 +00:00