author | Kristof Provost <kp@FreeBSD.org> | 2022-06-28 07:43:23 +0000 |
---|---|---|
committer | Kristof Provost <kp@FreeBSD.org> | 2022-06-28 08:31:23 +0000 |
commit | 6f16d78c0da68f1e72bc6fe4c44446dbcc47a001 (patch) | |
tree | f84f02bfc37a14d70264adf48db4ebebe4c8f8db | |
parent | 881c145431b7aa956b93f6d2e7b861fe00ecc892 (diff) | |
pf: add missing maximum length check for DIOCADDETHRULE
Sponsored by: Rubicon Communications, LLC ("Netgate")
-rw-r--r-- | sys/netpfil/pf/pf_ioctl.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
index c07df7e6c05e..c50369a23aaf 100644
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -2821,6 +2821,9 @@ DIOCGETETHRULE_error:
 #define ERROUT(x) ERROUT_IOCTL(DIOCADDETHRULE_error, x)
+ if (nv->len > pf_ioctl_maxcount)
+ ERROUT(ENOMEM);
+
 nvlpacked = malloc(nv->len, M_NVLIST, M_WAITOK);
 if (nvlpacked == NULL)
 ERROUT(ENOMEM);
|
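Review bot: The added check at `if (nv->len > pf_ioctl_maxcount)` has no comment saying why it is there, and it compares what is presumably a caller-supplied byte length against a limit whose name reads as an element count. I would add above it `/* nv->len is supplied by the ioctl caller; cap it before it sizes the M_WAITOK allocation below. */` so the reason for the bound survives later refactoring. Returning ENOMEM for an over-limit request makes it indistinguishable from a real allocation failure; that may be this file's convention for such limits, but the page does not show it. The DIOCADDETHRULE case begins and ends outside the hunk, so it is worth confirming separately that the other nvlist-based handlers in pf_ioctl.c apply the same cap before their allocations.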