git: 3331975ab18f - main - pf: check rather than assert pool type
Date: Fri, 24 Jan 2025 10:25:00 UTC
The branch main has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=3331975ab18f88a519b16e5c4781f5924b191eb7
commit 3331975ab18f88a519b16e5c4781f5924b191eb7
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-01-20 16:19:22 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-01-24 10:20:30 +0000
pf: check rather than assert pool type
These pool types are passed by userspace, so we must check rather than assert they are valid.
Sponsored by: Rubicon Communications, LLC ("Netgate")
---
 sys/netpfil/pf/pf_ioctl.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
index 188681329b43..d206a9f8da43 100644
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -2566,7 +2566,8 @@ pf_ioctl_add_addr(struct pf_nl_pooladdr *pp)
 struct pfi_kkif *kif = NULL;
 int error;
- MPASS(pp->which == PF_RDR || pp->which == PF_NAT);
+ if (pp->which != PF_RDR && pp->which != PF_NAT)
+ return (EINVAL);
 #ifndef INET
 if (pp->af == AF_INET)
@@ -2631,7 +2632,8 @@ pf_ioctl_get_addrs(struct pf_nl_pooladdr *pp)
 PF_RULES_RLOCK_TRACKER;
- MPASS(pp->which == PF_RDR || pp->which == PF_NAT);
+ if (pp->which != PF_RDR && pp->which != PF_NAT)
+ return (EINVAL);
 pp->anchor[sizeof(pp->anchor) - 1] = 0;
 pp->nr = 0;
@@ -2657,7 +2659,8 @@ pf_ioctl_get_addr(struct pf_nl_pooladdr *pp)
 struct pf_kpooladdr *pa;
 u_int32_t nr = 0;
- MPASS(pp->which == PF_RDR || pp->which == PF_NAT);
+ if (pp->which != PF_RDR && pp->which != PF_NAT)
+ return (EINVAL);
 PF_RULES_RLOCK_TRACKER;
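Review bot: The same `pp->which` test is now repeated in pf_ioctl_add_addr, pf_ioctl_get_addrs and pf_ioctl_get_addr with no comment recording why it has to be a runtime check, so a later cleanup could fold it back into `MPASS()`. A one-line comment above the first copy, for example `/* pp->which is supplied by userspace: validate it, never assert on it. */`, would keep the rationale beside the code. Moving the test into one small static helper would also stop the three copies drifting apart if another pool type is accepted later. All three function bodies continue outside their hunks, so whether the other userspace-supplied fields of `pp` are validated further down cannot be confirmed from here.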
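Review bot: In pf_ioctl_get_addr the new `if (pp->which != PF_RDR && pp->which != PF_NAT)` / `return (EINVAL);` pair sits above `PF_RULES_RLOCK_TRACKER;`, which is presumably a declaration, so an unconditional statement now precedes a declaration. pf_ioctl_get_addrs in the previous hunk has the tracker first and the check after it. Placing the check below `PF_RULES_RLOCK_TRACKER;` here as well would keep declarations grouped at the top of the block and make the two getters read the same way. The function body continues past the end of the hunk, so the position of the lock acquisition relative to the early return is not visible.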