CVSROOT: /cvs Module name: src Changes by: [email protected] 2025/11/24 09:57:19
Modified files:
sbin/pfctl : pfctl_parser.c
Log message:
ifa_load() in pfctl_parser.c may attempt to read beyond the buffer.
The current ifa_load() is not paranoid enough when it deals with
information which comes from kernel. The function just ignores
sa_len member in socket address returned getifaddrs().
The issue has been reported by anton@. The idea for fix here comes
fromy claudio@.
OK @claudio, @deraadt
