authorKristof Provost <kp@FreeBSD.org>2022-03-29 12:17:12 +0000
committerKristof Provost <kp@FreeBSD.org>2022-03-30 08:28:19 +0000
commit81cac0d2f6035e02430fcdfa0ac8a081a9343f8d (patch)
treeba615d26e98c329cf0ecfa3a18b23ccc69ca7a5d
parent514039bb90853473078acd2fbba1b1bfb359aab5 (diff)
pf: add missing input/error validation for DIOCGETETHRULE
Sponsored by: Rubicon Communications, LLC ("Netgate")
-rw-r--r--sys/netpfil/pf/pf_ioctl.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
index 3cb5552d20c5..eae7b3bf1fa0 100644
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -2672,6 +2672,9 @@ DIOCGETETHRULES_error:
#define ERROUT(x) do { error = (x); goto DIOCGETETHRULE_error; } while (0)
+ if (nv->len > pf_ioctl_maxcount)
+ ERROUT(ENOMEM);
+
nvlpacked = malloc(nv->len, M_TEMP, M_WAITOK);
if (nvlpacked == NULL)
ERROUT(ENOMEM);
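Review bot: The new early `ERROUT(ENOMEM)` before the `malloc()` jumps to `DIOCGETETHRULE_error` while `nvlpacked` and `nvl` have not been assigned in this path, so it is only safe if both are initialised to NULL at their declarations. Those declarations, and the cleanup code at the label, lie outside this hunk, so this is worth confirming. The check would also benefit from a short comment, for example `/* nv->len is supplied by userland; bound it before the M_WAITOK allocation */`. The existing `nvlpacked == NULL` test below cannot serve as a size limit, because an `M_WAITOK` allocation sleeps rather than returning NULL.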
@@ -2681,6 +2684,8 @@ DIOCGETETHRULES_error:
ERROUT(error);
nvl = nvlist_unpack(nvlpacked, nv->len, 0);
+ if (nvl == NULL)
+ ERROUT(EBADMSG);
if (! nvlist_exists_number(nvl, "ticket"))
ERROUT(EBADMSG);
ticket = nvlist_get_number(nvl, "ticket");