author | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2019-02-18 13:11:45 +0000 |
---|---|---|
committer | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2019-02-18 13:11:45 +0000 |
commit | eb2ef85dc6e63b8f2819256c12559a69f528fea5 (patch) | |
tree | 5f196c9d5605c9c7afa23f1437f30f650d3a57cb /sys/net/pf_ioctl.c | |
parent | 1c77d48cef6cfdd244d5009e27be22dbb488b2b9 (diff) |
Change ps_len of struct pfioc_states and psn_len of struct
pfioc_src_nodes to size_t. This avoids integer truncation by casts
to unsigned. As the types of DIOCGETSTATES and DIOCGETSRCNODES
ioctl(2) arguments change, pfctl(8) and systat(1) should be updated
together with the kernel. Calculate number of pf(4) states as
size_t in userland.
OK sashan@ deraadt@
Diffstat (limited to 'sys/net/pf_ioctl.c')
-rw-r--r-- | sys/net/pf_ioctl.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c
index 5220cd02ed0..633df3d99b9 100644
--- a/sys/net/pf_ioctl.c
+++ b/sys/net/pf_ioctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_ioctl.c,v 1.342 2018/12/27 16:54:01 kn Exp $ */
+/* $OpenBSD: pf_ioctl.c,v 1.343 2019/02/18 13:11:44 bluhm Exp $ */
 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -1732,7 +1732,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
 state = TAILQ_FIRST(&state_list);
 while (state) {
 if (state->timeout != PFTM_UNLINKED) {
- if ((nr+1) * sizeof(*p) > (unsigned)ps->ps_len)
+ if ((nr+1) * sizeof(*p) > ps->ps_len)
 break;
 pf_state_export(pstore, state);
 error = copyout(pstore, p, sizeof(*p));
@@ -2545,7 +2545,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
 struct pfioc_src_nodes *psn = (struct pfioc_src_nodes *)addr;
 struct pf_src_node *n, *p, *pstore;
 u_int32_t nr = 0;
- int space = psn->psn_len;
+ size_t space = psn->psn_len;
 PF_LOCK();
 if (space == 0) {
@@ -2562,7 +2562,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
 RB_FOREACH(n, pf_src_tree, &tree_src_tracking) {
 int secs = time_uptime, diff;
- if ((nr + 1) * sizeof(*p) > (unsigned)psn->psn_len)
+ if ((nr + 1) * sizeof(*p) > psn->psn_len)
 break;
 memcpy(pstore, n, sizeof(*pstore)); |
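Review bot: In the DIOCGETSTATES loop (hunk at 1732), `(nr+1) * sizeof(*p)` still performs the `+1` in nr's own type before the multiplication widens it. The declaration of nr is outside this hunk, but if it is `u_int32_t` as in the DIOCGETSRCNODES hunk, the sum is computed in 32 bits while ps_len is now a full size_t and no longer capped by the removed `(unsigned)` cast. Widening first, `if (((size_t)nr + 1) * sizeof(*p) > ps->ps_len)`, keeps both sides of the bound check in one type; the same applies to `(nr + 1) * sizeof(*p) > psn->psn_len` in the hunk at 2562. From the visible lines this is hardening rather than a demonstrated overflow, and the enclosing pfioctl() case starts and ends outside the hunk.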
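Review bot: In DIOCGETSRCNODES the local `space` (hunk at 2545) now carries psn_len as size_t, yet the loop bound in the hunk at 2562 re-reads `psn->psn_len` instead of using it, so one caller-supplied length is referred to in two ways within the same case. Comparing against the local, `if ((nr + 1) * sizeof(*p) > space)`, would make it obvious that the zero test and the bound check use the same value. This assumes nothing between the two hunks writes to either `space` or `psn->psn_len`, which the page does not show; the case body continues outside both hunks.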