freebsd-src

mirror of https://github.com/freebsd/freebsd-src.git synced 2024-12-02 17:12:46 +00:00

History

Kristof Provost 8e38082d37 MFC r337969: pf: Limit the maximum number of fragments per packet Similar to the network stack issue fixed in r337782 pf did not limit the number of fragments per packet, which could be exploited to generate high CPU loads with a crafted series of packets. Limit each packet to no more than 64 fragments. This should be sufficient on typical networks to allow maximum-sized IP frames. This addresses the issue for both IPv4 and IPv6. Security: CVE-2018-5391 Sponsored by: Klara Systems	2018-08-20 15:43:08 +00:00
..
ipfw	MFC r330792:	2018-03-19 09:54:16 +00:00
pf	MFC r337969:	2018-08-20 15:43:08 +00:00

Kristof Provost 8e38082d37 MFC r337969:

pf: Limit the maximum number of fragments per packet

Similar to the network stack issue fixed in r337782 pf did not limit the number
of fragments per packet, which could be exploited to generate high CPU loads
with a crafted series of packets.

Limit each packet to no more than 64 fragments. This should be sufficient on
typical networks to allow maximum-sized IP frames.

This addresses the issue for both IPv4 and IPv6.

Security:	CVE-2018-5391
Sponsored by:	Klara Systems

2018-08-20 15:43:08 +00:00

ipfw

MFC r330792:

2018-03-19 09:54:16 +00:00

MFC r337969:

2018-08-20 15:43:08 +00:00