Bug #3891

ipfw, on pfSense 2.2 kernel dump caused by: ipfw zone 4096 create

Added by Pi Ba about 4 years ago. Updated about 4 years ago.

Status: Resolved
Priority: Normal
Assignee: Ermal Luçi
Category: Captive Portal
Target version:
Start date: 09/25/2014
Due date:
% Done: 0%
Estimated time:
Affected Version: 2.2
Affected Architecture: amd64

Description

ipfw is used by captive portal, and uses a cpzoneid to create a zone in ipfw using mwexec("/sbin/ipfw zone {$cpzoneid} create", true);

If this number gets equal to or higher than 4097, it displays the usage options, as the input is apparently not valid.
On numbers equal to or lower than 4095 it seems to create the zone properly.

However, if zone 4096 is created then the kernel is dumped (see attachment). Probably the input check is off by one and causes some buffer overflow?

textdump.tar (67 KB) crash dump, Pi Ba, 09/25/2014 03:37 PM
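
The off-by-one hypothesis from the description, modelled as an added example (not pfSense or ipfw source code). It assumes a zone table of 4096 slots indexed 0 to 4095; the function names and ZONE_SLOTS are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumption: the zone table has 4096 slots, so valid ids are 0..4095. */
#define ZONE_SLOTS 4096

/* Parse a decimal zone id; returns 0 and stores it in *out, or -1 on bad input. */
static int parse_zone_id(const char *arg, long *out)
{
    char *end;

    if (arg == NULL || *arg == '\0')
        return -1;
    errno = 0;
    long v = strtol(arg, &end, 10);
    if (errno != 0 || *end != '\0')
        return -1;              /* out of range for long, or trailing garbage */
    *out = v;
    return 0;
}

/* Hypothesised check: rejects 4097 and up, but lets 4096 through. */
int zone_id_ok_offbyone(const char *arg)
{
    long id;
    if (parse_zone_id(arg, &id) != 0)
        return 0;
    return id >= 0 && id <= ZONE_SLOTS;   /* off by one: 4096 passes */
}

/* Corrected check: the largest valid index is ZONE_SLOTS - 1. */
int zone_id_ok(const char *arg)
{
    long id;
    if (parse_zone_id(arg, &id) != 0)
        return 0;
    return id >= 0 && id < ZONE_SLOTS;
}

int main(void)
{
    const char *samples[] = {"4095", "4096", "4097", "12abc"}; /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-6s off-by-one=%d corrected=%d\n", samples[i],
               zone_id_ok_offbyone(samples[i]), zone_id_ok(samples[i]));
    return 0;
}
```

With the `<=` comparison, id 4096 is accepted and would index one element past the end of a 4096-slot table, which matches the reported pattern of 4095 working, 4097 being rejected and 4096 crashing.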

History

#1 Updated by Chris Buechler about 4 years ago

  • Assignee set to Ermal Luçi
  • Target version set to 2.2

Confirmed, simply running "ipfw zone 4096 create" will reproduce.

#2 Updated by Ermal Luçi about 4 years ago

  • Status changed from New to Feedback

It should not do this anymore on newer snapshots.

#3 Updated by Chris Buechler about 4 years ago

  • Status changed from Feedback to Confirmed

Doesn't crash anymore, but it also doesn't work at all.

Trying to create any zone results in:

ipfw: usage: ipfw [options]
do "ipfw -h" or "man ipfw" for details

#4 Updated by Ermal Luçi about 4 years ago

  • Status changed from Confirmed to Resolved

#5 Updated by Ermal Luçi about 4 years ago

Tester issue.
