git: 96e6fc517ffe - stable/14 - netlink/route: validate family attribute

The branch stable/14 has been updated by glebius:

URL: https://cgit.FreeBSD.org/src/commit/?id=96e6fc517ffec074dbdb6a44b9c2daa7449fd91d

commit 96e6fc517ffec074dbdb6a44b9c2daa7449fd91d
Author:     Gleb Smirnoff <glebius@FreeBSD.org>
AuthorDate: 2025-01-29 23:40:56 +0000
Commit:     Gleb Smirnoff <glebius@FreeBSD.org>
CommitDate: 2025-03-31 17:31:21 +0000

    netlink/route: validate family attribute
    
    PR:                     283818
    (cherry picked from commit cdacb12065e4d85416655743da5bc6b17a9d9119)
---
 sys/netlink/route/rt.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/sys/netlink/route/rt.c b/sys/netlink/route/rt.c
index abbcc075dde3..7cd6e0045f01 100644
--- a/sys/netlink/route/rt.c
+++ b/sys/netlink/route/rt.c
@@ -956,7 +956,7 @@ rtnl_handle_newroute(struct nlmsghdr *hdr, struct nlpcb *nlp,
 	/* pre-2.6.19 Linux API compatibility */
 	if (attrs.rtm_table > 0 && attrs.rta_table == 0)
 		attrs.rta_table = attrs.rtm_table;
-	if (attrs.rta_table >= V_rt_numfibs) {
+	if (attrs.rta_table >= V_rt_numfibs || attrs.rtm_family > AF_MAX) {
 		NLMSG_REPORT_ERR_MSG(npt, "invalid fib");
 		return (EINVAL);
 	}
@@ -1019,7 +1019,7 @@ rtnl_handle_delroute(struct nlmsghdr *hdr, struct nlpcb *nlp,
 		return (ESRCH);
 	}
 
-	if (attrs.rta_table >= V_rt_numfibs) {
+	if (attrs.rta_table >= V_rt_numfibs || attrs.rtm_family > AF_MAX) {
 		NLMSG_REPORT_ERR_MSG(npt, "invalid fib");
 		return (EINVAL);
 	}
@@ -1042,7 +1042,7 @@ rtnl_handle_getroute(struct nlmsghdr *hdr, struct nlpcb *nlp, struct nl_pstate *
 	if (error != 0)
 		return (error);
 
-	if (attrs.rta_table >= V_rt_numfibs) {
+	if (attrs.rta_table >= V_rt_numfibs || attrs.rtm_family > AF_MAX) {
 		NLMSG_REPORT_ERR_MSG(npt, "invalid fib");
 		return (EINVAL);
 	}