author | loos <loos@FreeBSD.org> | 2015-08-17 23:03:54 +0000 |
---|---|---|
committer | loos <loos@FreeBSD.org> | 2015-08-17 23:03:54 +0000 |
commit | fcf4dee5b20c599b8dbbdde2bc8ac60c6567637c (patch) | |
tree | fc5461debd573d38939cc8b79d14e9230acbe169 | |
parent | ddc112c4e3a39bb6ba627a0a04c2e69ce6645320 (diff) | |
Fix the copy of addresses passed from userland in table replace command.
The size2 is the maximum userland buffer size (used when the addresses are
copied back to userland).
Obtained from: pfSense
MFC after: 3 days
Sponsored by: Rubicon Communications (Netgate)
-rw-r--r-- | sys/netpfil/pf/pf_ioctl.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index a062401..ba43de8 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -2724,8 +2724,7 @@ DIOCCHANGEADDR_error: error = ENODEV; break; } - totlen = (io->pfrio_size + io->pfrio_size2) * - sizeof(struct pfr_addr); + totlen = io->pfrio_size * sizeof(struct pfr_addr); pfras = malloc(totlen, M_TEMP, M_WAITOK); error = copyin(io->pfrio_buffer, pfras, totlen); if (error) { |
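Review bot: The replacement line `totlen = io->pfrio_size * sizeof(struct pfr_addr);` still multiplies a userland-supplied count with no upper bound or overflow check visible in this hunk, and the product goes straight into `malloc(totlen, M_TEMP, M_WAITOK)` and `copyin(io->pfrio_buffer, pfras, totlen)`. Unless the count is validated earlier in the ioctl path, outside the lines shown, I would reject an oversized (or, if the field is signed, negative) `io->pfrio_size` before this line, so a caller cannot request an arbitrarily large M_WAITOK allocation or wrap the size. Dropping `io->pfrio_size2` from the copy-in length matches the commit message, since that field describes the buffer available for the copy back; please confirm that the copy-out path, which is not part of this hunk, bounds what it writes by `pfrio_size2` rather than reusing `totlen`, and consider a one-line comment here saying why only `pfrio_size` entries are copied in.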