diff options
| author | jkim <jkim@FreeBSD.org> | 2008-08-29 15:49:40 +0000 |
|---|---|---|
| committer | jkim <jkim@FreeBSD.org> | 2008-08-29 15:49:40 +0000 |
| commit | 8fb51c23ad0bf57e576afcc0dd0433bbf8ad8815 (patch) | |
| tree | 0d109d5bc0feaa25a237b9244efc220d5224c4b0 /sys/netgraph/ng_bpf.c | |
| parent | 8f53106a9eee67edefaa2dba7492395b96accb2d (diff) | |
| download | FreeBSD-src-8fb51c23ad0bf57e576afcc0dd0433bbf8ad8815.zip FreeBSD-src-8fb51c23ad0bf57e576afcc0dd0433bbf8ad8815.tar.gz | |
Make sure BPF program is not bigger than set maximum (net.bpf.maxinsns).
Diffstat (limited to 'sys/netgraph/ng_bpf.c')
| -rw-r--r-- | sys/netgraph/ng_bpf.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/sys/netgraph/ng_bpf.c b/sys/netgraph/ng_bpf.c index 6c4c212..7d7aa26 100644 --- a/sys/netgraph/ng_bpf.c +++ b/sys/netgraph/ng_bpf.c @@ -104,6 +104,9 @@ static ng_newhook_t ng_bpf_newhook; static ng_rcvdata_t ng_bpf_rcvdata; static ng_disconnect_t ng_bpf_disconnect; +/* Maximum bpf program instructions */ +extern int bpf_maxinsns; + /* Internal helper functions */ static int ng_bpf_setprog(hook_p hook, const struct ng_bpf_hookprog *hp); @@ -560,7 +563,8 @@ ng_bpf_setprog(hook_p hook, const struct ng_bpf_hookprog *hp0) int size; /* Check program for validity */ - if (!bpf_validate(hp0->bpf_prog, hp0->bpf_prog_len)) + if (hp0->bpf_prog_len > bpf_maxinsns || + !bpf_validate(hp0->bpf_prog, hp0->bpf_prog_len)) return (EINVAL); /* Make a copy of the program */ |
