summaryrefslogtreecommitdiff
path: root/sbin/pfctl/parse.y
diff options
context:
space:
mode:
authorTheo de Raadt <deraadt@cvs.openbsd.org>2007-09-12 18:49:04 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>2007-09-12 18:49:04 +0000
commit4ac83c7d253160e4b10780d47d995fb990a2f793 (patch)
tree759e183703d940163853f556ce12e88eb9d543d4 /sbin/pfctl/parse.y
parent686a66fd14ac65920ed413c064f082baa2c970c6 (diff)
add a missing range check for rtable ids; ok cloder henning
Diffstat (limited to 'sbin/pfctl/parse.y')
-rw-r--r--sbin/pfctl/parse.y14
1 files changed, 9 insertions, 5 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index e3573f03963..6c43347a8f5 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.521 2007/09/12 15:58:40 deraadt Exp $ */
+/* $OpenBSD: parse.y,v 1.522 2007/09/12 18:49:03 deraadt Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -199,12 +199,12 @@ struct filter_opts {
char *tag;
char *match_tag;
u_int8_t match_tag_not;
- int rtableid;
+ u_int rtableid;
} filter_opts;
struct antispoof_opts {
char *label;
- int rtableid;
+ u_int rtableid;
} antispoof_opts;
struct scrub_opts {
@@ -218,7 +218,7 @@ struct scrub_opts {
int fragcache;
int randomid;
int reassemble_tcp;
- int rtableid;
+ u_int rtableid;
} scrub_opts;
struct queue_opts {
@@ -330,7 +330,7 @@ typedef struct {
int64_t number;
int i;
char *string;
- int rtableid;
+ u_int rtableid;
struct {
u_int8_t b1;
u_int8_t b2;
@@ -1023,6 +1023,10 @@ scrub_opt : NODF {
scrub_opts.randomid = 1;
}
| RTABLE NUMBER {
+ if ($2 < 0 || $2 > RT_TABLEID_MAX) {
+ yyerror("invalid rtable id");
+ YYERROR;
+ }
scrub_opts.rtableid = $2;
}
;