CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2010/12/16 04:11:18
Modified files:
sys/net : Tag: OPENBSD_4_8 pf_ioctl.c
Log message:
MFC, original commit from claudio@:
- - - - - - - - - - - - - - - - - -
Be more careful when copying the pf rule from userland into the kernel.
All pointers in the struct need to be cleared and reset. So instead of
bcopying the struct and clearing some fields, start with a clean struct
and assign the values that need to be copied.
Fixes a local vulnerability but only root can issue the problematic ioctl().
Reported by Jean Sigwald, has been in snaps for a while and OK deraadt@
- - - - - - - - - - - - - - - - - -
requested by and ok claudio@
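
The pattern the log message describes, as an added illustration that is not the pf_ioctl.c change itself. The struct, its fields and the function names are hypothetical, and the overlooked field is constructed to show why clearing selected fields after a full copy is fragile.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical rule layout (not pf's): values plus kernel-only pointers. */
struct rule {
    uint32_t nr;            /* set by userland */
    char label[16];         /* set by userland */
    void *kif;              /* kernel-owned */
    void *anchor;           /* kernel-owned */
    struct rule *next;      /* kernel-owned */
};

/* Copy-then-clear: safe only if every pointer field is remembered. */
void import_copy_then_clear(struct rule *dst, const struct rule *src)
{
    memcpy(dst, src, sizeof(*dst));
    dst->kif = NULL;
    dst->next = NULL;       /* 'anchor' overlooked: caller's value survives */
}

/* Clean-then-assign: any field not listed here stays zero. */
void import_clean_then_assign(struct rule *dst, const struct rule *src)
{
    memset(dst, 0, sizeof(*dst));
    dst->nr = src->nr;
    memcpy(dst->label, src->label, sizeof(dst->label) - 1); /* keeps final NUL */
}

/* Run one import over a constructed caller-supplied rule and count the
 * pointer fields that still hold the caller's value afterwards. */
int leaked_pointers(void (*import)(struct rule *, const struct rule *))
{
    struct rule in, out;
    memset(&in, 0, sizeof(in));
    in.nr = 7;
    strcpy(in.label, "constructed");
    in.kif = in.anchor = (void *)(uintptr_t)0x41414141; /* bogus, constructed */
    in.next = (struct rule *)(uintptr_t)0x41414141;
    import(&out, &in);
    return (out.kif != NULL) + (out.anchor != NULL) + (out.next != NULL);
}

int main(void)
{
    printf("copy-then-clear leaves %d caller pointer(s)\n", leaked_pointers(import_copy_then_clear));
    printf("clean-then-assign leaves %d\n", leaked_pointers(import_clean_then_assign));
    return 0;
}
```

With the second form, a pointer field added to the struct later is zero by default instead of inheriting whatever the caller supplied.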