author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2007-09-12 18:49:04 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2007-09-12 18:49:04 +0000 |
commit | 4ac83c7d253160e4b10780d47d995fb990a2f793 (patch) | |
tree | 759e183703d940163853f556ce12e88eb9d543d4 /sbin/pfctl/parse.y | |
parent | 686a66fd14ac65920ed413c064f082baa2c970c6 (diff) |
add a missing range check for rtable ids; ok cloder henning
Diffstat (limited to 'sbin/pfctl/parse.y')
-rw-r--r-- | sbin/pfctl/parse.y | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index e3573f03963..6c43347a8f5 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.521 2007/09/12 15:58:40 deraadt Exp $ */
+/* $OpenBSD: parse.y,v 1.522 2007/09/12 18:49:03 deraadt Exp $ */

 /*
 * Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -199,12 +199,12 @@ struct filter_opts {
 char *tag;
 char *match_tag;
 u_int8_t match_tag_not;
- int rtableid;
+ u_int rtableid;
 } filter_opts;

 struct antispoof_opts {
 char *label;
- int rtableid;
+ u_int rtableid;
 } antispoof_opts;

 struct scrub_opts {
@@ -218,7 +218,7 @@ struct scrub_opts {
 int fragcache;
 int randomid;
 int reassemble_tcp;
- int rtableid;
+ u_int rtableid;
 } scrub_opts;

 struct queue_opts {
@@ -330,7 +330,7 @@ typedef struct {
 int64_t number;
 int i;
 char *string;
- int rtableid;
+ u_int rtableid;
 struct {
 u_int8_t b1;
 u_int8_t b2;
@@ -1023,6 +1023,10 @@ scrub_opt : NODF {
 scrub_opts.randomid = 1;
 }
 | RTABLE NUMBER {
+ if ($2 < 0 || $2 > RT_TABLEID_MAX) {
+ yyerror("invalid rtable id");
+ YYERROR;
+ }
 scrub_opts.rtableid = $2;
 }
 ;
|
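Review bot: Changing `rtableid` from `int` to `u_int` in `struct filter_opts` removes the negative range from the field, so any "not set" marker such as `-1`, or a test like `rtableid < 0`, elsewhere in parse.y would now behave differently: the store wraps to the largest unsigned value and the signed comparison becomes constant. The same applies to the `antispoof_opts`, `scrub_opts` and YYSTYPE members changed in the following three hunks. The struct bodies start outside the hunks and none of the initialisers or consumers of these fields are in the diff, so this is something to confirm rather than a demonstrated defect. If a sentinel is in use, I would document it at each declaration, e.g. `u_int rtableid; /* 0..RT_TABLEID_MAX, or (u_int)-1 when unset */`.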
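Review bot: The bounds test added to the `RTABLE NUMBER` action of `scrub_opt` is the only place in this diff that validates a table id, while `filter_opts` and `antispoof_opts` carry the same `u_int rtableid` field. If their grammar actions (not shown here) do not already apply the same `$2 < 0 || $2 > RT_TABLEID_MAX` test, an out-of-range number from the ruleset would be narrowed into the unsigned field unchecked. The check is correctly placed before the assignment, so it runs on the parsed value rather than the narrowed one; a short comment such as `/* check before narrowing to u_int */` would help keep it there. Including the rejected value and the limit in the `yyerror` text would also make a bad pf.conf easier to diagnose, assuming `yyerror` accepts a format string here. The `scrub_opt` rule begins outside the hunk.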