pf: Improve DIOCADDRULE validation
We expect the addrwrap.p.dyn value to be set to NULL (and assert such), but do not verify it on input. Reported-by: syzbot+936a89182e7d8f927de1@syzkaller.appspotmail.com Reviewed by: melifaro (previous version) MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D24538
This commit is contained in:
parent
95baab0dac
commit
1ef06ed8de
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=360609
@ -1556,6 +1556,11 @@ pfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags, struct thread *td
|
||||
error = EINVAL;
|
||||
break;
|
||||
}
|
||||
if (pr->rule.src.addr.p.dyn != NULL ||
|
||||
pr->rule.dst.addr.p.dyn != NULL) {
|
||||
error = EINVAL;
|
||||
break;
|
||||
}
|
||||
#ifndef INET
|
||||
if (pr->rule.af == AF_INET) {
|
||||
error = EAFNOSUPPORT;
|
||||
|
Loading…
Reference in New Issue
Block a user