|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Stephan A. Rickauer (stephan
cvs.openbsd.org)
Date: Thu Dec 16 2010 - 05:11:18 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
CVSROOT: /cvs
Module name: src
Changes by: stephancvs.openbsd.org 2010/12/16 04:11:18
Modified files:
sys/net : Tag: OPENBSD_4_8 pf_ioctl.c
Log message:
MFC, original commit from claudio:
- - - - - - - - - - - - - - - - - -
Be more careful when copying the pf rule from userland into the kernel.
All pointers in the struct need to be cleared and reset. So instead of
bcopy the struct and clear some fields start with a clean struct and
assign the values that need to be copied.
Fixes a local vulnerability but only root can issue the problematic ioctl().
Reported by Jean Sigwald, has been in snaps for a while and OK deraadt
- - - - - - - - - - - - - - - - - -
requested by and ok claudio
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]