diff options
author | melifaro <melifaro@FreeBSD.org> | 2013-11-28 10:28:28 +0000 |
---|---|---|
committer | melifaro <melifaro@FreeBSD.org> | 2013-11-28 10:28:28 +0000 |
commit | c9cfc8e3226ba615d3221cb9c74e66d69b9c70c5 (patch) | |
tree | a562142d1ba7f7fe6224c65be6117ae4e5f5b20e /sys | |
parent | 38607685e1476d896e08d2967010a65970fde85d (diff) | |
download | FreeBSD-src-c9cfc8e3226ba615d3221cb9c74e66d69b9c70c5.zip FreeBSD-src-c9cfc8e3226ba615d3221cb9c74e66d69b9c70c5.tar.gz |
Check ipfw table numbers in both user and kernel space before rule addition.
Found by: Saychik Pavel <umka@localka.net>
MFC after: 2 weeks
Sponsored by: Yandex LLC
Diffstat (limited to 'sys')
-rw-r--r-- | sys/netpfil/ipfw/ip_fw_sockopt.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/netpfil/ipfw/ip_fw_sockopt.c b/sys/netpfil/ipfw/ip_fw_sockopt.c index 64f09a5..38ee2af 100644 --- a/sys/netpfil/ipfw/ip_fw_sockopt.c +++ b/sys/netpfil/ipfw/ip_fw_sockopt.c @@ -653,7 +653,7 @@ check_ipfw_struct(struct ip_fw *rule, int size) case O_IP_SRC_LOOKUP: case O_IP_DST_LOOKUP: - if (cmd->arg1 >= IPFW_TABLES_MAX) { + if (cmd->arg1 >= V_fw_tables_max) { printf("ipfw: invalid table number %d\n", cmd->arg1); return (EINVAL); |