Be more careful when copying the pf rule from userland into the kernel. - wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

diff options

author	claudio <claudio@openbsd.org>	2010-12-15 14:22:25 +0000
committer	claudio <claudio@openbsd.org>	2010-12-15 14:22:25 +0000
commit	04523091a16553628956e63cc3d1b31f792bdfe6 (patch)
tree	58c2195c52cfbecc4b8ae889164f6d26ed92c0cc /lib
parent	- clarify the "probability" text; based on a diff from Thomas Pfaff (diff)
download	wireguard-openbsd-04523091a16553628956e63cc3d1b31f792bdfe6.tar.xz wireguard-openbsd-04523091a16553628956e63cc3d1b31f792bdfe6.zip

Be more careful when copying the pf rule from userland into the kernel.

All pointers in the struct need to be cleared and reset. So instead of bcopy the struct and clear some fields start with a clean struct and assign the values that need to be copied. Fixes a local vulnerability but only root can issue the problematic ioctl(). Reported by Jean Sigwald, has been in snaps for a while and OK deraadt@

Diffstat (limited to 'lib')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: