-rw-r--r--sys/net/pf_ioctl.c11
1 files changed, 10 insertions, 1 deletions
diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c
index c8c29cf6097..79d78dd7eaf 100644
--- a/sys/net/pf_ioctl.c
+++ b/sys/net/pf_ioctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_ioctl.c,v 1.55 2003/04/05 20:24:58 cedric Exp $ */
+/* $OpenBSD: pf_ioctl.c,v 1.56 2003/04/07 13:44:22 dhartmei Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -55,6 +55,7 @@
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/ip_var.h>
+#include <netinet/ip_icmp.h>
#include <net/pfvar.h>
@@ -548,6 +549,10 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
error = EINVAL;
break;
}
+ if (pr->rule.return_icmp >> 8 > ICMP_MAXTYPE) {
+ error = EINVAL;
+ break;
+ }
if (pr->ticket != ruleset->rules[rs_num].inactive.ticket) {
error = EBUSY;
break;
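Review bot: The added test `pr->rule.return_icmp >> 8 > ICMP_MAXTYPE` in this hunk relies on operator precedence and has no comment saying that the high byte of `return_icmp` is taken as the ICMP type, or why a value supplied through the ioctl must be bounded before the rule is accepted. I would write it as `if ((pr->rule.return_icmp >> 8) > ICMP_MAXTYPE) {` with a comment such as `/* high byte is the ICMP type from userland; reject values beyond ICMP_MAXTYPE */`, and do the same for the identical `pcr->rule.return_icmp` check in the hunk at -778. Because the test now appears in two ioctl cases, a small static helper would keep the two copies from drifting apart. No matching validation of an ICMPv6 return field (`return_icmp6`, if the rule structure has one at this revision) is visible in these hunks; it may be handled elsewhere or be unnecessary, so that is worth confirming. pfioctl's body starts and ends outside both hunks.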
@@ -778,6 +783,10 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
error = EINVAL;
break;
}
+ if (pcr->rule.return_icmp >> 8 > ICMP_MAXTYPE) {
+ error = EINVAL;
+ break;
+ }
}
if (pcr->action != PF_CHANGE_REMOVE) {