author | Kristof Provost <kp@FreeBSD.org> | 2022-03-29 12:17:12 +0000 |
---|---|---|
committer | Kristof Provost <kp@FreeBSD.org> | 2022-03-30 08:28:19 +0000 |
commit | 81cac0d2f6035e02430fcdfa0ac8a081a9343f8d (patch) | |
tree | ba615d26e98c329cf0ecfa3a18b23ccc69ca7a5d | |
parent | 514039bb90853473078acd2fbba1b1bfb359aab5 (diff) | |
pf: add missing input/error validation for DIOCGETETHRULE
Sponsored by: Rubicon Communications, LLC ("Netgate")
-rw-r--r-- | sys/netpfil/pf/pf_ioctl.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
index 3cb5552d20c5..eae7b3bf1fa0 100644
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -2672,6 +2672,9 @@ DIOCGETETHRULES_error:
 #define ERROUT(x) do { error = (x); goto DIOCGETETHRULE_error; } while (0)
+ if (nv->len > pf_ioctl_maxcount)
+ ERROUT(ENOMEM);
+
 nvlpacked = malloc(nv->len, M_TEMP, M_WAITOK);
 if (nvlpacked == NULL)
 ERROUT(ENOMEM);
@@ -2681,6 +2684,8 @@ DIOCGETETHRULES_error:
 ERROUT(error);
 nvl = nvlist_unpack(nvlpacked, nv->len, 0);
+ if (nvl == NULL)
+ ERROUT(EBADMSG);
 if (! nvlist_exists_number(nvl, "ticket"))
 ERROUT(EBADMSG);
 ticket = nvlist_get_number(nvl, "ticket"); |
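Review bot: The new `nv->len > pf_ioctl_maxcount` check carries no comment, and the name `pf_ioctl_maxcount` reads as an element count while here it caps a caller-supplied byte length. A short comment above it, such as `/* nv->len is caller-supplied and sizes the malloc() below; bound it first. */`, would record why the check has to precede the allocation. This early `ERROUT` reaches `DIOCGETETHRULE_error` before `nvlpacked` is allocated, so the cleanup there presumably depends on `nvlpacked` and `nvl` being initialised to NULL; the declarations and the label are outside the hunk and worth confirming. The `nvlpacked == NULL` test that follows is unchanged context and, with `M_WAITOK`, is not expected to be reachable.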
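Review bot: After the new NULL check, `ticket = nvlist_get_number(nvl, "ticket")` still assigns the value without a range check; `nvlist_get_number()` returns a 64-bit number, so if `ticket` is a narrower type (its declaration is outside the hunk) an out-of-range value is silently truncated. If that is the case, a guard such as `if (nvlist_get_number(nvl, "ticket") > UINT32_MAX) ERROUT(EINVAL);` before the assignment would reject it instead. The handler's body continues past the end of the hunk, so fields read later may need the same treatment.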