---
- branch: MAIN
  date: Wed Jan 19 19:58:02 UTC 2011
  files:
  - new: '1.43'
    old: '1.42'
    path: src/sys/dist/pf/net/pf_ioctl.c
    pathrev: src/sys/dist/pf/net/pf_ioctl.c@1.43
    type: modified
  id: 20110119T195802Z.c2acaf80873500c90bd511c8629a9a685d5d32ac
  log: |
    make sure the "overload_tbl" member of "struct pf_rule" copied in
    from userland is initialized (it is used by the kernel only)
    fixes crash or data injection (CVE-2010-3830), usually by root user only
    OpenBSD has rewritten the code to start with a zero'd struct and fills
    in needed parts only - to be considered in case a newer pf version
    is imported.
  module: src
  subject: 'CVS commit: src/sys/dist/pf/net'
  unixtime: '1295467082'
  user: drochner