Perform more checks on the number of tables supplied by user.

2014-10-19 11:15:19 +00:00 · 2014-10-19 11:15:19 +00:00 · 4040f4ecd6
commit 4040f4ecd6
parent 49e2762fba
1 changed files with 19 additions and 0 deletions
--- a/sys/netpfil/ipfw/ip_fw_table.c
+++ b/sys/netpfil/ipfw/ip_fw_table.c
@ -1489,6 +1489,21 @@ destroy_table(struct ip_fw_chain *ch, struct tid_info *ti)
 	return (0);
 }

+static uint32_t
+roundup2p(uint32_t v)
+{
+
+	v--;
+	v |= v >> 1;
+	v |= v >> 2;
+	v |= v >> 4;
+	v |= v >> 8;
+	v |= v >> 16;
+	v++;
+
+	return (v);
+}
+
 /*
 * Grow tables index.
 *
@ -1505,8 +1520,12 @@ ipfw_resize_tables(struct ip_fw_chain *ch, unsigned int ntables)
 	int i, new_blocks;

 	/* Check new value for validity */
+	if (ntables == 0)
+		return (EINVAL);
 	if (ntables > IPFW_TABLES_MAX)
 		ntables = IPFW_TABLES_MAX;
+	/* Alight to nearest power of 2 */
+	ntables = (unsigned int)roundup2p(ntables); 

 	/* Allocate new pointers */
 	tablestate = malloc(ntables * sizeof(struct table_info),