diff options
| author | glebius <glebius@FreeBSD.org> | 2004-12-05 14:30:38 +0000 |
|---|---|---|
| committer | glebius <glebius@FreeBSD.org> | 2004-12-05 14:30:38 +0000 |
| commit | 4f260d49bc2b7c3933dccbcb5f14699ac36695d5 (patch) | |
| tree | 127b2a5e182b5ad2ec3d0f2c743ce050d9393c37 /sys/netgraph | |
| parent | 0d2cefc65d156763c81effb8849787ac113ae7ba (diff) | |
| download | FreeBSD-src-4f260d49bc2b7c3933dccbcb5f14699ac36695d5.zip FreeBSD-src-4f260d49bc2b7c3933dccbcb5f14699ac36695d5.tar.gz | |
- Use uint16_t to pass argument for NGM_NETFLOW_IFINFO, bump cookie.
- Always check that index number passed from userland
is <= NG_NETFLOW_MAXIFACES. [1]
- Increase NG_NETFLOW_MAXIFACES up to 512. [2]
Noticed by: Roman Palagin [1]
Requested by: Yuri Y. Bushmelev [2]
MFC after: 1 week
Diffstat (limited to 'sys/netgraph')
| -rw-r--r-- | sys/netgraph/netflow/ng_netflow.c | 14 | ||||
| -rw-r--r-- | sys/netgraph/netflow/ng_netflow.h | 4 |
2 files changed, 12 insertions, 6 deletions
diff --git a/sys/netgraph/netflow/ng_netflow.c b/sys/netgraph/netflow/ng_netflow.c index 267216d..8b61d97 100644 --- a/sys/netgraph/netflow/ng_netflow.c +++ b/sys/netgraph/netflow/ng_netflow.c @@ -114,7 +114,7 @@ static const struct ng_cmdlist ng_netflow_cmds[] = { NGM_NETFLOW_COOKIE, NGM_NETFLOW_IFINFO, "ifinfo", - &ng_parse_uint8_type, + &ng_parse_uint16_type, &ng_netflow_ifinfo_type }, { @@ -277,12 +277,14 @@ ng_netflow_rcvmsg (node_p node, item_p item, hook_p lasthook) case NGM_NETFLOW_IFINFO: { struct ng_netflow_ifinfo *i; - const uint8_t *index; + const uint16_t *index; - if (msg->header.arglen != sizeof(uint8_t)) + if (msg->header.arglen != sizeof(uint16_t)) ERROUT(EINVAL); - index = (uint8_t *)msg->data; + index = (uint16_t *)msg->data; + if (*index > NG_NETFLOW_MAXIFACES) + ERROUT(EINVAL); /* connected iface? */ if (priv->ifaces[*index].hook == NULL) @@ -305,6 +307,8 @@ ng_netflow_rcvmsg (node_p node, item_p item, hook_p lasthook) ERROUT(EINVAL); set = (struct ng_netflow_setdlt *)msg->data; + if (set->iface > NG_NETFLOW_MAXIFACES) + ERROUT(EINVAL); iface = &priv->ifaces[set->iface]; /* connected iface? */ @@ -332,6 +336,8 @@ ng_netflow_rcvmsg (node_p node, item_p item, hook_p lasthook) ERROUT(EINVAL); set = (struct ng_netflow_setifindex *)msg->data; + if (set->iface > NG_NETFLOW_MAXIFACES) + ERROUT(EINVAL); iface = &priv->ifaces[set->iface]; /* connected iface? */ diff --git a/sys/netgraph/netflow/ng_netflow.h b/sys/netgraph/netflow/ng_netflow.h index 4b6f576..0f8ebcf 100644 --- a/sys/netgraph/netflow/ng_netflow.h +++ b/sys/netgraph/netflow/ng_netflow.h @@ -32,9 +32,9 @@ #define _NG_NETFLOW_H_ #define NG_NETFLOW_NODE_TYPE "netflow" -#define NGM_NETFLOW_COOKIE 1095355665 +#define NGM_NETFLOW_COOKIE 1101814790 -#define NG_NETFLOW_MAXIFACES 64 +#define NG_NETFLOW_MAXIFACES 512 /* Hook names */ |
