Bug #3891
closed
ipfw, on pfSense 2.2 kernel dump caused by: ipfw zone 4096 create
Start date: 09/25/2014
% Done: 0%
Affected Version: 2.2
Affected Architecture: amd64
Description
ipfw is used by captive portal, and uses a cpzoneid to create a zone in ipfw using mwexec("/sbin/ipfw zone {$cpzoneid} create", true);
If this number is equal to or higher than 4097, it displays the usage options, as the input is apparently not valid.
On numbers equal to or lower than 4095 it seems to create the zone properly.
However, if zone 4096 is created then the kernel is dumped (see attachment). Probably the input check is off by one and causes some buffer overflow?
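A minimal model of the off-by-one hypothesis in the description, as an added example (not pfSense or FreeBSD code): assuming a 4096-slot zone table, a `>` comparison rejects 4097 and above, accepts 4095 and below, and lets 4096 index one slot past the end. The function names and the table size are assumptions for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Assumption: the zone table has 4096 slots, so valid indices are 0..4095. */
#define MAX_ZONES 4096

/* Hypothetical check with the suspected defect: '>' admits id == MAX_ZONES. */
static bool zone_id_ok_offbyone(unsigned long id)
{
    return !(id > MAX_ZONES);
}

/* Corrected check: an index is valid only when strictly below the slot count. */
static bool zone_id_ok(unsigned long id)
{
    return id < MAX_ZONES;
}

/* Create a zone in a caller-supplied table of MAX_ZONES entries.
 * Refuses an out-of-range id instead of writing past the end of the table. */
static int zone_create(bool *table, unsigned long id)
{
    if (!zone_id_ok(id))
        return -1;              /* caller reports invalid input */
    table[id] = true;
    return 0;
}

int main(void)
{
    static bool table[MAX_ZONES];
    /* Boundary values taken from the report. */
    const unsigned long ids[] = { 4095, 4096, 4097 };

    for (size_t i = 0; i < sizeof(ids) / sizeof(ids[0]); i++) {
        printf("id %lu: off-by-one check %s, corrected check %s, create -> %d\n",
               ids[i],
               zone_id_ok_offbyone(ids[i]) ? "accepts" : "rejects",
               zone_id_ok(ids[i]) ? "accepts" : "rejects",
               zone_create(table, ids[i]));
    }
    return 0;
}
```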
Updated by Chris Buechler about 10 years ago
- Assignee set to Ermal Luçi
- Target version set to 2.2
Confirmed, simply running "ipfw zone 4096 create" will reproduce.
Updated by Ermal Luçi about 10 years ago
- Status changed from New to Feedback
It should not do this anymore on newer snapshots.
Updated by Chris Buechler about 10 years ago
- Status changed from Feedback to Confirmed
Doesn't crash anymore, but it also doesn't work at all.
Trying to create any zone results in:
ipfw: usage: ipfw [options] do "ipfw -h" or "man ipfw" for details
Updated by Ermal Luçi about 10 years ago
- Status changed from Confirmed to Resolved