Date: Wed, 30 Mar 2022 09:17:24 GMT From: Kristof Provost <kp@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: 81cac0d2f603 - main - pf: add missing input/error validation for DIOCGETETHRULE Message-ID: <202203300917.22U9HOjS091027@gitrepo.freebsd.org>
The branch main has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=81cac0d2f6035e02430fcdfa0ac8a081a9343f8d
commit 81cac0d2f6035e02430fcdfa0ac8a081a9343f8d
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2022-03-29 12:17:12 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2022-03-30 08:28:19 +0000
pf: add missing input/error validation for DIOCGETETHRULE
Sponsored by: Rubicon Communications, LLC ("Netgate")
---
 sys/netpfil/pf/pf_ioctl.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
index 3cb5552d20c5..eae7b3bf1fa0 100644
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -2672,6 +2672,9 @@ DIOCGETETHRULES_error:
 #define ERROUT(x) do { error = (x); goto DIOCGETETHRULE_error; } while (0)
+ if (nv->len > pf_ioctl_maxcount)
+ ERROUT(ENOMEM);
+
 nvlpacked = malloc(nv->len, M_TEMP, M_WAITOK);
 if (nvlpacked == NULL)
 ERROUT(ENOMEM);
@@ -2681,6 +2684,8 @@ DIOCGETETHRULES_error:
 ERROUT(error);
 nvl = nvlist_unpack(nvlpacked, nv->len, 0);
+ if (nvl == NULL)
+ ERROUT(EBADMSG);
 if (! nvlist_exists_number(nvl, "ticket"))
 ERROUT(EBADMSG);
 ticket = nvlist_get_number(nvl, "ticket");
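Review bot: The new `ERROUT(ENOMEM)` in the first hunk jumps to `DIOCGETETHRULE_error` before `nvlpacked` has been assigned, so the cleanup at that label must tolerate variables that were never set. The declarations and the label body are outside the hunk; please confirm `nvlpacked` and `nvl` are initialised to NULL where they are declared, otherwise this early exit would hand an indeterminate pointer to the cleanup code. The check itself would benefit from a comment stating its purpose, for example `/* nv->len is user-supplied; cap it before it sizes a kernel allocation. */`. `pf_ioctl_maxcount` reads like an element-count limit rather than a byte limit, so the comment could also say that it is deliberately reused as a byte cap here, if that is the intent.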
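Review bot: The `nvl == NULL` check added after `nvlist_unpack()` in the second hunk has no comment, and the reason for it is not obvious from the code alone. Without it, a buffer that fails to unpack would pass a NULL list to `nvlist_exists_number()`. A one-line comment would record this: `/* Malformed or truncated userland buffer: reject before any nvlist lookup. */`. The hunk header names `DIOCGETETHRULES_error`, which suggests the sibling DIOCGETETHRULES handler sits just above; it is not visible here, so it is worth checking that its unpack path has the same length cap and NULL check.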