freebsd-nq/sys/netpfil/ipfw
Mark Johnston 1c732c8591 dummynet: Fix socket option length validation for IP_DUMMYNET3
The socket option handler tries to ensure that the option length is no
larger than some reasonable maximum, and no smaller than sizeof(struct
dn_id).  But the loaded option length is stored in an int, which is
converted to an unsigned integer for the comparison with a size_t, so
negative values are not caught and instead get passed to malloc().

Change the code to use a size_t for the buffer size.

Reviewed by:	kp
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D33133
2021-11-29 13:57:24 -05:00
..
nat64 netinet: Remove unneeded mb_unmapped_to_ext() calls 2021-11-24 13:31:16 -05:00
nptv6
pmod
test
dn_aqm_codel.c
dn_aqm_codel.h
dn_aqm_pie.c
dn_aqm_pie.h
dn_aqm.h
dn_heap.c
dn_heap.h
dn_sched_fifo.c
dn_sched_fq_codel_helper.h
dn_sched_fq_codel.c
dn_sched_fq_codel.h
dn_sched_fq_pie.c
dn_sched_prio.c
dn_sched_qfq.c
dn_sched_rr.c
dn_sched_wf2q.c
dn_sched.h
dummynet.txt
ip_dn_glue.c ipfw: use unsigned int for dummynet bandwidth 2021-08-19 10:48:53 +02:00
ip_dn_io.c pf: support dummynet 2021-09-24 11:41:25 +02:00
ip_dn_private.h dummynet: Fix socket option length validation for IP_DUMMYNET3 2021-11-29 13:57:24 -05:00
ip_dummynet.c dummynet: Fix socket option length validation for IP_DUMMYNET3 2021-11-29 13:57:24 -05:00
ip_fw2.c ipfw: fix possible data race between jump cache reading and updating. 2021-08-17 11:08:28 +03:00
ip_fw_bpf.c
ip_fw_dynamic.c ipfw: remove unnecessary TCP related includes 2021-11-18 00:54:28 -08:00
ip_fw_eaction.c
ip_fw_iface.c
ip_fw_log.c ipfw: remove unnecessary TCP related includes 2021-11-18 00:54:28 -08:00
ip_fw_nat.c
ip_fw_pfil.c ipfw: Update the pfil mbuf pointer in ipfw_check_frame() 2021-06-16 09:46:56 -04:00
ip_fw_private.h ipfw: fix possible data race between jump cache reading and updating. 2021-08-17 11:08:28 +03:00
ip_fw_sockopt.c
ip_fw_table_algo.c
ip_fw_table_value.c
ip_fw_table.c
ip_fw_table.h