From 89ba9c24eeac9215b911c9d51e34a31bac0315de Mon Sep 17 00:00:00 2001
From: rik
Date: Sun, 21 Sep 2008 21:46:56 +0000
Subject: Add the check of the table number.
---
 sbin/ipfw/ipfw2.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
(limited to 'sbin')
diff --git a/sbin/ipfw/ipfw2.c b/sbin/ipfw/ipfw2.c
index 0a62631..e693135 100644
--- a/sbin/ipfw/ipfw2.c
+++ b/sbin/ipfw/ipfw2.c
@@ -5870,7 +5870,21 @@ table_handler(int ac, char *av[])
 { ipfw_table_entry ent; int do_add;
+ size_t len;
 char *p;
+ uint32_t tables_max;
+
+ len = sizeof(a);
+ if (sysctlbyname("net.inet.ip.fw.tables_max", &tables_max, &len,
+ NULL, 0) == -1) {
+#ifdef IPFW_TABLES_MAX
+ warn("Warn: Failed to get the max tables number via sysctl. "
+ "Using the compiled in defaults. \nThe reason was");
+ tables_max = IPFW_TABLES_MAX;
+#else
+ errx(1, "Failed sysctlbyname(\"net.inet.ip.fw.tables_max\")");
+#endif
+ }
 ac--; av++; if (ac && isdigit(**av)) {
@@ -5878,6 +5892,9 @@ table_handler(int ac, char *av[])
 ac--; av++; } else errx(EX_USAGE, "table number required");
+ if (ent.tbl >= tables_max)
+ errx(EX_USAGE, "The table number exceeds the maximum allowed "
+ "value (%d)", tables_max - 1);
 NEED1("table needs command"); if (_substrcmp(*av, "add") == 0 || _substrcmp(*av, "delete") == 0) {
-- 
cgit v1.1
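Review bot: `len = sizeof(a);` takes the sysctl buffer length from `a`, which is not among the locals visible in this hunk (`ent`, `do_add`, `len`, `p`, `tables_max`). Unless an `a` is declared outside the hunk this will not compile, and if one is, the length handed to sysctlbyname() no longer describes the `uint32_t` it writes into; use `len = sizeof(tables_max);`. In the `#else` branch, `errx(1, ...)` drops errno, so the operator never learns why the limit could not be read; `err(EX_OSERR, "sysctlbyname(\"net.inet.ip.fw.tables_max\")");` would report the reason and match the sysexits codes used further down. The body of table_handler continues outside the hunk.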
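Review bot: The new bound check reads `ent.tbl` after the value has already been stored, so it can only reject what survives that store. The assignment sits between the two hunks and is not shown, but if it is a plain `atoi()` into a field narrower than `int`, an oversized or negative argument could wrap to an in-range table number and pass `ent.tbl >= tables_max`. Parsing the argument into a wider local with `strtoul()` and an end-pointer check, comparing that local against `tables_max`, and only then assigning `ent.tbl` would make the check cover the raw input. Separately, `tables_max - 1` is a `uint32_t` expression, so the message should use `%u` rather than `%d`. The function starts and ends outside the hunk.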