summaryrefslogtreecommitdiffstats
path: root/sys/netinet/ip_fw2.c
diff options
context:
space:
mode:
Diffstat (limited to 'sys/netinet/ip_fw2.c')
-rw-r--r--sys/netinet/ip_fw2.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/sys/netinet/ip_fw2.c b/sys/netinet/ip_fw2.c
index a8bcede..2d8197f 100644
--- a/sys/netinet/ip_fw2.c
+++ b/sys/netinet/ip_fw2.c
@@ -2846,6 +2846,11 @@ check_ipfw_struct(struct ip_fw *rule, int size)
printf("ipfw: size mismatch (have %d want %d)\n", size, l);
return (EINVAL);
}
+ if (rule->act_ofs >= rule->cmd_len) {
+ printf("ipfw: bogus action offset (%u > %u)\n",
+ rule->act_ofs, rule->cmd_len - 1);
+ return (EINVAL);
+ }
/*
* Now go for the individual checks. Very simple ones, basically only
* instruction sizes.
OpenPOWER on IntegriCloud