The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=8b8fae451c8ead8af978a4528631ca6b29eff30d
commit 8b8fae451c8ead8af978a4528631ca6b29eff30d Author: Kristof Provost <k...@freebsd.org> AuthorDate: 2025-07-02 16:27:30 +0000 Commit: Kristof Provost <k...@freebsd.org> CommitDate: 2025-07-07 15:06:52 +0000 pfctl: pfctl should check pfctl.astack is not overrun (bug found and fixed by Petr Hoffmann _at_ oracle.com) OK kn@ Obtained from: OpenBSD, sashan <sas...@openbsd.org>, 12ebb2cc68 Sponsored by: Rubicon Communications, LLC ("Netgate") --- sbin/pfctl/parse.y | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y index d465599e1738..af1fb95398f8 100644 --- a/sbin/pfctl/parse.y +++ b/sbin/pfctl/parse.y @@ -958,6 +958,8 @@ pfa_anchor : '{' struct pfctl_ruleset *rs; /* stepping into a brace anchor */ + if (pf->asd >= PFCTL_ANCHOR_STACK_DEPTH) + errx(1, "pfa_anchor: anchors too deep"); pf->asd++; pf->bn++; @@ -1261,6 +1263,8 @@ etherpfa_anchor : '{' struct pfctl_eth_ruleset *rs; /* steping into a brace anchor */ + if (pf->asd >= PFCTL_ANCHOR_STACK_DEPTH) + errx(1, "pfa_anchor: anchors too deep"); pf->asd++; pf->bn++;
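Review bot: In the pfa_anchor hunk the new guard tests pf->asd before the pf->asd++ that follows it, so pf->asd can still reach PFCTL_ANCHOR_STACK_DEPTH itself after the increment. The commit subject says the aim is to keep pfctl.astack from being overrun. The array declaration and the indexing are not in the visible context, but if astack has PFCTL_ANCHOR_STACK_DEPTH elements and is indexed with the post-increment value, the deepest nesting level that passes this check still lands one slot past the end. Please confirm the array size and the index used. If that is the case, compare against PFCTL_ANCHOR_STACK_DEPTH - 1 or move the check after the increment. A one-line comment stating the invariant the check enforces would also help the next reader.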
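Review bot: In the etherpfa_anchor hunk the errx() text still reads "pfa_anchor: anchors too deep", copied from the other production, so a user who hits the limit inside an Ethernet anchor is pointed at the wrong grammar rule. Suggest "etherpfa_anchor: anchors too deep" here. The same question about the bound applies as in pfa_anchor, since the check again precedes pf->asd++. Both productions now carry an identical two-line guard, which could be factored into one small helper so the limit is enforced in a single place.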