Page MenuHomeFreeBSD

pfsync: Avoid transmitting uninitialized bytes in pfsync_sendout()
ClosedPublic

Authored by markj on Nov 3 2023, 10:05 PM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Dec 25, 3:59 PM
Unknown Object (File)
Dec 1 2024, 9:42 PM
Unknown Object (File)
Oct 28 2024, 8:25 PM
Unknown Object (File)
Oct 27 2024, 8:19 PM
Unknown Object (File)
Oct 23 2024, 10:42 AM
Unknown Object (File)
Sep 27 2024, 8:54 AM
Unknown Object (File)
Sep 24 2024, 8:43 AM
Unknown Object (File)
Sep 24 2024, 7:23 AM

Details

Summary

When IPv6 support was added to pfsync, PFSYNC_MINPKT increased such that
we always allocate enough space for either IPv4 or IPv6 headers. IPv6
headers are 20 bytes larger than IPv4 headers. When pfsync_sendout()
does its thing, it ends up allocating enough space for either; thus when
transmitting an IPv4 packet, the last 20 bytes of the buffer are left
uninitialized.

Fix the problem by stashing the length in a local variable and adjusting
it depending on the address family in use.

While here, just zero the entire buffer in one go rather than being
careful to initialize each subheader. This seems simpler and less error
prone.

Fixes: 6fc7fc2dbb2b ("pfsync: transport over IPv6")
Reported by: KMSAN

Test Plan

pfsync regression tests

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 54274
Build 51164: arc lint + arc unit