diff options
| author | Henning Brauer <henning@cvs.openbsd.org> | 2003-05-30 20:08:35 +0000 |
|---|---|---|
| committer | Henning Brauer <henning@cvs.openbsd.org> | 2003-05-30 20:08:35 +0000 |
| commit | 3dffae44c0066a6e4aee54e1a346110caf316c12 (patch) | |
| tree | 8e6dd8f0be0170d6139f2a32285f72cda71b1b24 /sys/net/if_bridge.c | |
| parent | 10797af0d52f5aa7237753844b53a67bf4a29717 (diff) | |
o the timeout is int, not u_int32_t
o check timeout for negative values and overflow
ok tedu@ jason@
Diffstat (limited to 'sys/net/if_bridge.c')
| -rw-r--r-- | sys/net/if_bridge.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/sys/net/if_bridge.c b/sys/net/if_bridge.c index b6a2aa0382a..b2f6afca087 100644 --- a/sys/net/if_bridge.c +++ b/sys/net/if_bridge.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_bridge.c,v 1.115 2003/05/03 21:15:11 deraadt Exp $ */ +/* $OpenBSD: if_bridge.c,v 1.116 2003/05/30 20:08:34 henning Exp $ */ /* * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net) @@ -548,6 +548,11 @@ bridge_ioctl(ifp, cmd, data) case SIOCBRDGSTO: if ((error = suser(prc->p_ucred, &prc->p_acflag)) != 0) break; + if (bparam->ifbrp_ctime < 0 || + bparam->ifbrp_ctime > INT_MAX / hz) { + error = EINVAL; + break; + } sc->sc_brttimeout = bparam->ifbrp_ctime; timeout_del(&sc->sc_brtimeout); if (bparam->ifbrp_ctime != 0) |