d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Make sure BPF program is not bigger than set maximum (net.bpf.maxinsns).

Browse Source
This commit is contained in:
Jung-uk Kim 2008-08-29 15:49:40 +00:00
parent df3310e04a
commit 37b5fe59b5
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
sys/netgraph/ng_bpf.c
View File

@ -104,6 +104,9 @@ static ng_newhook_t ng_bpf_newhook;
static ng_rcvdata_t ng_bpf_rcvdata;
static ng_disconnect_t ng_bpf_disconnect;
/* Maximum bpf program instructions */
extern int bpf_maxinsns;
/* Internal helper functions */
static int ng_bpf_setprog(hook_p hook, const struct ng_bpf_hookprog *hp);
@ -560,7 +563,8 @@ ng_bpf_setprog(hook_p hook, const struct ng_bpf_hookprog *hp0)
int size;
/* Check program for validity */
if (!bpf_validate(hp0->bpf_prog, hp0->bpf_prog_len))
if (hp0->bpf_prog_len > bpf_maxinsns ||
!bpf_validate(hp0->bpf_prog, hp0->bpf_prog_len))
return (EINVAL);
/* Make a copy of the program */