Bug #3891: ipfw, on pfSense 2.2 kernel dump caused by: ipfw zone 4096 create - pfSense - pfSense bugtracker

Actions

Copy link

Bug #3891

closed

ipfw, on pfSense 2.2 kernel dump caused by: ipfw zone 4096 create

Added by Pi Ba over 9 years ago. Updated over 9 years ago.

Status:

Resolved

Priority:

Normal

Assignee:

Ermal Luçi

Category:

Captive Portal

Target version:

2.2

Start date:

09/25/2014

Due date:

% Done:

Estimated time:

Plus Target Version:

Release Notes:

Affected Version:

2.2

Affected Architecture:

amd64

Description

ipfw is used by captive portal, and uses a cpzoneid to create a zone in ipfw using mwexec("/sbin/ipfw zone {$cpzoneid} create", true);

If this number gets equal or higher than 4097 it displays the usage options as the input is apparently not valid.
On numbers equal or lower than 4095 it seems to create the zone properly.

However if zone 4096 is created then the kernel is dumped (see attachment). Probably the input check is of by one and causes some buffer overflow.?

Files

textdump.tar (67 KB) textdump.tar

crash dump

Pi Ba, 09/25/2014 03:37 PM

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense

Custom queries

Bug #3891

ipfw, on pfSense 2.2 kernel dump caused by: ipfw zone 4096 create

Updated by Chris Buechler over 9 years ago

Updated by Ermal Luçi over 9 years ago

Updated by Chris Buechler over 9 years ago

Updated by Ermal Luçi over 9 years ago

Updated by Ermal Luçi over 9 years ago