svn commit: r273274 - head/sys/netpfil/ipfw

Alexander V. Chernikov melifaro at FreeBSD.org
Sun Oct 19 11:15:20 UTC 2014


Author: melifaro
Date: Sun Oct 19 11:15:19 2014
New Revision: 273274
URL: https://svnweb.freebsd.org/changeset/base/273274

Log:
  Perform more checks on the number of tables supplied by user.

Modified:
  head/sys/netpfil/ipfw/ip_fw_table.c

Modified: head/sys/netpfil/ipfw/ip_fw_table.c
==============================================================================
--- head/sys/netpfil/ipfw/ip_fw_table.c	Sun Oct 19 11:06:54 2014	(r273273)
+++ head/sys/netpfil/ipfw/ip_fw_table.c	Sun Oct 19 11:15:19 2014	(r273274)
@@ -1489,6 +1489,21 @@ destroy_table(struct ip_fw_chain *ch, st
 	return (0);
 }
 
+static uint32_t
+roundup2p(uint32_t v)
+{
+
+	v--;
+	v |= v >> 1;
+	v |= v >> 2;
+	v |= v >> 4;
+	v |= v >> 8;
+	v |= v >> 16;
+	v++;
+
+	return (v);
+}
+
 /*
  * Grow tables index.
  *
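Review bot: roundup2p() has no comment stating its valid input range, and the bit-smearing sequence wraps to 0 for `v == 0` and for any `v` above `0x80000000`. The one caller visible in this commit rejects 0 and clamps to IPFW_TABLES_MAX before calling it, so the helper is safe only because of that ordering. I would add above the function `/* Round v up to the next power of 2; v must be in 1..2^31, otherwise the result wraps to 0. */` so that a later caller does not pass an unchecked user value and then use a zero result as an allocation count. The comment block after the function continues outside the hunk.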
@@ -1505,8 +1520,12 @@ ipfw_resize_tables(struct ip_fw_chain *c
 	int i, new_blocks;
 
 	/* Check new value for validity */
+	if (ntables == 0)
+		return (EINVAL);
 	if (ntables > IPFW_TABLES_MAX)
 		ntables = IPFW_TABLES_MAX;
+	/* Alight to nearest power of 2 */
+	ntables = (unsigned int)roundup2p(ntables); 
 
 	/* Allocate new pointers */
 	tablestate = malloc(ntables * sizeof(struct table_info),
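Review bot: The rounding at `ntables = (unsigned int)roundup2p(ntables);` runs after the clamp to IPFW_TABLES_MAX, so if that constant is not a power of two the final value can exceed the limit enforced two lines earlier. The definition of IPFW_TABLES_MAX is not visible here; if it is meant to be a power of two, pin that with `CTASSERT(powerof2(IPFW_TABLES_MAX));` next to roundup2p(), otherwise the clamp has to be re-applied after rounding. The new comment also has a typo and should read `/* Align to next power of 2 */`, since the helper only rounds up. The body of ipfw_resize_tables() starts and ends outside the hunk.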

