Bug #3891

closed

ipfw, on pfSense 2.2 kernel dump caused by: ipfw zone 4096 create

Added by Pi Ba about 10 years ago. Updated about 10 years ago.

Status: Resolved
Priority: Normal
Assignee: Ermal Luçi
Category: Captive Portal
Start date: 09/25/2014
% Done: 0%
Affected Version: 2.2
Affected Architecture: amd64

Description

ipfw is used by captive portal, and uses a cpzoneid to create a zone in ipfw using mwexec("/sbin/ipfw zone {$cpzoneid} create", true);

If this number is equal to or higher than 4097, it displays the usage options, as the input is apparently not valid.
On numbers equal to or lower than 4095 it seems to create the zone properly.

However, if zone 4096 is created then the kernel is dumped (see attachment). Probably the input check is off by one and causes some buffer overflow?


Files

textdump.tar (67 KB), crash dump, Pi Ba, 09/25/2014 03:37 PM
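
The boundary behaviour reported above (4095 accepted, 4096 crashes, 4097 rejected with usage output) is what an off-by-one range check in front of a 4096-entry table would produce. The following is an added illustration of that hypothesis, not code from pfSense, FreeBSD or ipfw; the table size, function names and result codes are assumptions, and the out-of-bounds case is reported instead of performed.

```c
#include <stdio.h>

/* Assumption: a fixed table of 4096 zones, so valid indices are 0..4095.
 * The real ipfw zone storage is not shown in the bug report. */
#define MAX_ZONES 4096

enum zone_result { ZONE_OK, ZONE_REJECTED, ZONE_OUT_OF_BOUNDS };

static unsigned char zone_table[MAX_ZONES];

/* Off-by-one check: '<=' accepts id == MAX_ZONES, one past the last slot. */
static int check_buggy(long id) { return id >= 0 && id <= MAX_ZONES; }

/* Corrected check: '<' rejects MAX_ZONES together with everything above it. */
static int check_fixed(long id) { return id >= 0 && id < MAX_ZONES; }

/* Hypothetical zone creation. 'check' is the input validation under test. */
static enum zone_result zone_create(long id, int (*check)(long))
{
    if (!check(id))
        return ZONE_REJECTED;        /* caller would print the usage text */
    if (id >= MAX_ZONES)
        return ZONE_OUT_OF_BOUNDS;   /* model only: this is where a write
                                        past the table would happen */
    zone_table[id] = 1;
    return ZONE_OK;
}

int main(void)
{
    const long ids[] = { 4095, 4096, 4097 };
    const char *names[] = { "ok", "rejected (usage)", "out of bounds" };

    for (int i = 0; i < 3; i++)
        printf("zone %ld: buggy=%s fixed=%s\n", ids[i],
               names[zone_create(ids[i], check_buggy)],
               names[zone_create(ids[i], check_fixed)]);
    return 0;
}
```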
Actions #1

Updated by Chris Buechler about 10 years ago

  • Assignee set to Ermal Luçi
  • Target version set to 2.2

Confirmed, simply running "ipfw zone 4096 create" will reproduce.

Actions #2

Updated by Ermal Luçi about 10 years ago

  • Status changed from New to Feedback

It should not do this anymore on newer snapshots.

Actions #3

Updated by Chris Buechler about 10 years ago

  • Status changed from Feedback to Confirmed

Doesn't crash anymore, but it also doesn't work at all.

Trying to create any zone results in:

ipfw: usage: ipfw [options]
do "ipfw -h" or "man ipfw" for details

Actions #4

Updated by Ermal Luçi about 10 years ago

  • Status changed from Confirmed to Resolved

Actions #5

Updated by Ermal Luçi about 10 years ago

Tester issue.
