aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKristof Provost <kp@FreeBSD.org>2022-06-28 07:43:23 +0000
committerKristof Provost <kp@FreeBSD.org>2022-06-28 08:31:23 +0000
commit6f16d78c0da68f1e72bc6fe4c44446dbcc47a001 (patch)
treef84f02bfc37a14d70264adf48db4ebebe4c8f8db
parent881c145431b7aa956b93f6d2e7b861fe00ecc892 (diff)
downloadsrc-6f16d78c0da68f1e72bc6fe4c44446dbcc47a001.tar.gz
src-6f16d78c0da68f1e72bc6fe4c44446dbcc47a001.zip
pf: add missing maximum length check for DIOCADDETHRULE
Sponsored by: Rubicon Communications, LLC ("Netgate")
Diffstat
-rw-r--r--sys/netpfil/pf/pf_ioctl.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
index c07df7e6c05e..c50369a23aaf 100644
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -2821,6 +2821,9 @@ DIOCGETETHRULE_error:
#define ERROUT(x) ERROUT_IOCTL(DIOCADDETHRULE_error, x)
+ if (nv->len > pf_ioctl_maxcount)
+ ERROUT(ENOMEM);
+
nvlpacked = malloc(nv->len, M_NVLIST, M_WAITOK);
if (nvlpacked == NULL)
ERROUT(ENOMEM);
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-14 04:22:11 +0000