Date: Tue, 28 Jun 2022 08:43:41 GMT
From: Kristof Provost <kp@FreeBSD.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject: git: 6f16d78c0da6 - main - pf: add missing maximum length check for DIOCADDETHRULE
Message-ID: <202206280843.25S8hfUD097819@gitrepo.freebsd.org>
The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=6f16d78c0da68f1e72bc6fe4c44446dbcc47a001 commit 6f16d78c0da68f1e72bc6fe4c44446dbcc47a001 Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2022-06-28 07:43:23 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2022-06-28 08:31:23 +0000 pf: add missing maximum length check for DIOCADDETHRULE Sponsored by: Rubicon Communications, LLC ("Netgate") --- sys/netpfil/pf/pf_ioctl.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index c07df7e6c05e..c50369a23aaf 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -2821,6 +2821,9 @@ DIOCGETETHRULE_error: #define ERROUT(x) ERROUT_IOCTL(DIOCADDETHRULE_error, x) + if (nv->len > pf_ioctl_maxcount) + ERROUT(ENOMEM); + nvlpacked = malloc(nv->len, M_NVLIST, M_WAITOK); if (nvlpacked == NULL) ERROUT(ENOMEM);
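Review bot: the new test "if (nv->len > pf_ioctl_maxcount)" in the DIOCADDETHRULE path returns ENOMEM, the same errno as the malloc failure branch right below it, so a caller cannot tell an oversized request from an allocation failure; consider a distinct errno such as E2BIG if that fits the convention of the other handlers in this file. The check also compares a byte length (nv->len is the size handed to malloc on the next line) against a limit whose name suggests an element count, so a one-line comment saying the limit is used here as a byte bound on the packed nvlist would help. The commit message could state in one sentence what the missing check allowed, namely a caller-supplied length reaching malloc(nv->len, M_NVLIST, M_WAITOK) with no upper bound.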