author | Kristof Provost <kp@FreeBSD.org> | 2025-01-20 16:19:22 +0000 |
---|---|---|
committer | Kristof Provost <kp@FreeBSD.org> | 2025-01-24 10:20:30 +0000 |
commit | 3331975ab18f88a519b16e5c4781f5924b191eb7 (patch) | |
tree | 0b9f910dc61026109c3c73e4bc9f2a11c04d1357 | |
parent | 5cb08fddef998b5e6452df3f52474e00883e06c4 (diff) |
pf: check rather than assert pool type
These pool types are passed by userspace, so we must check rather than assert
they are valid.
Sponsored by: Rubicon Communications, LLC ("Netgate")
-rw-r--r-- | sys/netpfil/pf/pf_ioctl.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
index 188681329b43..d206a9f8da43 100644
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -2566,7 +2566,8 @@ pf_ioctl_add_addr(struct pf_nl_pooladdr *pp)
 struct pfi_kkif *kif = NULL;
 int error;
- MPASS(pp->which == PF_RDR || pp->which == PF_NAT);
+ if (pp->which != PF_RDR && pp->which != PF_NAT)
+ return (EINVAL);
 #ifndef INET
 if (pp->af == AF_INET)
@@ -2631,7 +2632,8 @@ pf_ioctl_get_addrs(struct pf_nl_pooladdr *pp)
 PF_RULES_RLOCK_TRACKER;
- MPASS(pp->which == PF_RDR || pp->which == PF_NAT);
+ if (pp->which != PF_RDR && pp->which != PF_NAT)
+ return (EINVAL);
 pp->anchor[sizeof(pp->anchor) - 1] = 0;
 pp->nr = 0;
@@ -2657,7 +2659,8 @@ pf_ioctl_get_addr(struct pf_nl_pooladdr *pp)
 struct pf_kpooladdr *pa;
 u_int32_t nr = 0;
- MPASS(pp->which == PF_RDR || pp->which == PF_NAT);
+ if (pp->which != PF_RDR && pp->which != PF_NAT)
+ return (EINVAL);
 PF_RULES_RLOCK_TRACKER; |
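Review bot: The two-value allowlist for `pp->which` is now spelled out three times, here in pf_ioctl_add_addr and again in the pf_ioctl_get_addrs and pf_ioctl_get_addr hunks, so a pool type added later has to be remembered in every copy. Because this value arrives from userspace, keeping the accepted set in one small static helper and calling it as `if (!pf_pool_which_valid(pp->which)) return (EINVAL);` (the helper name is only a suggestion) would let the validation be audited in one place. A short comment above the check, for example `/* pp is supplied by userspace: validate, never assert. */`, would also record why this must not be turned back into an assertion. All three function bodies start and continue outside their hunks.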
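Review bot: In pf_ioctl_get_addr the new `if`/`return` sits above `PF_RULES_RLOCK_TRACKER;`, while in pf_ioctl_get_addrs the same check comes after it. If that macro expands to a local declaration, as its position among the locals in pf_ioctl_get_addrs suggests, a statement now precedes a declaration here; the old MPASS() had the same placement, but it disappears in kernels built without INVARIANTS, whereas the new check is always compiled in. Moving `PF_RULES_RLOCK_TRACKER;` up to follow `u_int32_t nr = 0;` and leaving the check below it would make the two functions read the same. The function body continues outside the hunk.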