git: 6f16d78c0da6 - main - pf: add missing maximum length check for DIOCADDETHRULE
Date: Tue, 28 Jun 2022 08:43:41 UTC
The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=6f16d78c0da68f1e72bc6fe4c44446dbcc47a001 commit 6f16d78c0da68f1e72bc6fe4c44446dbcc47a001 Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2022-06-28 07:43:23 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2022-06-28 08:31:23 +0000 pf: add missing maximum length check for DIOCADDETHRULE Sponsored by: Rubicon Communications, LLC ("Netgate") --- sys/netpfil/pf/pf_ioctl.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index c07df7e6c05e..c50369a23aaf 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -2821,6 +2821,9 @@ DIOCGETETHRULE_error: #define ERROUT(x) ERROUT_IOCTL(DIOCADDETHRULE_error, x) + if (nv->len > pf_ioctl_maxcount) + ERROUT(ENOMEM); + nvlpacked = malloc(nv->len, M_NVLIST, M_WAITOK); if (nvlpacked == NULL) ERROUT(ENOMEM);
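Review bot: the new `nv->len > pf_ioctl_maxcount` check in DIOCADDETHRULE returns ENOMEM, the same errno as the `nvlpacked == NULL` path right after the malloc(), so a caller cannot distinguish "request too large" from "allocation failed"; a distinct value such as E2BIG or EINVAL would make the rejection diagnosable. Separately, `nv->len` is the byte length passed to malloc() while `pf_ioctl_maxcount` is named as a count, so a one-line comment stating why that limit is the right bound for a buffer size would help the next reader. The commit message could also note that the length was previously passed unchecked to an `M_WAITOK` allocation, since that is the reason the check matters.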