Index: sys/netpfil/pf/pf_ioctl.c
===================================================================
--- sys/netpfil/pf/pf_ioctl.c
+++ sys/netpfil/pf/pf_ioctl.c
@@ -3873,7 +3873,6 @@
 case DIOCRGETTABLES: {
 struct pfioc_table *io = (struct pfioc_table *)addr;
 struct pfr_table *pfrts;
- size_t totlen;
 int n;
 if (io->pfrio_esize != sizeof(struct pfr_table)) {
@@ -3889,8 +3888,6 @@
 }
 io->pfrio_size = min(io->pfrio_size, n);
- totlen = io->pfrio_size * sizeof(struct pfr_table);
-
 pfrts = mallocarray(io->pfrio_size, sizeof(struct pfr_table), M_TEMP, M_NOWAIT);
 if (pfrts == NULL) {
@@ -3901,8 +3898,10 @@
 error = pfr_get_tables(&io->pfrio_table, pfrts, &io->pfrio_size, io->pfrio_flags | PFR_FLAG_USERIOCTL);
 PF_RULES_RUNLOCK();
- if (error == 0)
- error = copyout(pfrts, io->pfrio_buffer, totlen);
+ if (error == 0) {
+ error = copyout(pfrts, io->pfrio_buffer,
+ io->pfrio_size * sizeof(struct pfr_table));
+ }
 free(pfrts, M_TEMP);
 break;
 }
@@ -3910,7 +3909,6 @@
 case DIOCRGETTSTATS: {
 struct pfioc_table *io = (struct pfioc_table *)addr;
 struct pfr_tstats *pfrtstats;
- size_t totlen;
 int n;
 if (io->pfrio_esize != sizeof(struct pfr_tstats)) {
@@ -3928,7 +3926,6 @@
 }
 io->pfrio_size = min(io->pfrio_size, n);
- totlen = io->pfrio_size * sizeof(struct pfr_tstats);
 pfrtstats = mallocarray(io->pfrio_size, sizeof(struct pfr_tstats), M_TEMP, M_NOWAIT);
 if (pfrtstats == NULL) {
@@ -3942,7 +3939,8 @@
 PF_RULES_RUNLOCK();
 PF_TABLE_STATS_UNLOCK();
 if (error == 0)
- error = copyout(pfrtstats, io->pfrio_buffer, totlen);
+ error = copyout(pfrtstats, io->pfrio_buffer,
+ io->pfrio_size * sizeof(struct pfr_tstats));
 free(pfrtstats, M_TEMP);
 break;
 }
@@ -4148,7 +4146,6 @@
 case DIOCRGETADDRS: {
 struct pfioc_table *io = (struct pfioc_table *)addr;
 struct pfr_addr *pfras;
- size_t totlen;
 if (io->pfrio_esize != sizeof(struct pfr_addr)) {
 error = ENODEV;
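Review bot: The new copyout() length in the DIOCRGETTABLES hunk is read from io->pfrio_size after pfr_get_tables() has been handed `&io->pfrio_size`, while pfrts was sized by mallocarray() from the value it held before the call. That callee is not shown here; if it can write back a count larger than the one passed in (for instance to report the size the caller should have supplied), the copy runs past the end of the M_TEMP allocation and hands adjacent kernel heap to userland. Keep the allocated element count in a local and bound the copy with it, e.g. `min(io->pfrio_size, nalloc) * sizeof(struct pfr_table)`, and consider `M_TEMP, M_NOWAIT | M_ZERO` on the allocation so slots the callee never filled are not disclosed either. The same pattern is in the DIOCRGETTSTATS, DIOCRGETADDRS, DIOCRGETASTATS and DIOCIGETIFACES hunks, where the last one calls copyout() unconditionally. All of these case bodies start or end outside the hunks shown.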
@@ -4160,7 +4157,6 @@
 error = EINVAL;
 break;
 }
- totlen = io->pfrio_size * sizeof(struct pfr_addr);
 pfras = mallocarray(io->pfrio_size, sizeof(struct pfr_addr), M_TEMP, M_WAITOK);
 PF_RULES_RLOCK();
@@ -4168,7 +4164,8 @@
 &io->pfrio_size, io->pfrio_flags | PFR_FLAG_USERIOCTL);
 PF_RULES_RUNLOCK();
 if (error == 0)
- error = copyout(pfras, io->pfrio_buffer, totlen);
+ error = copyout(pfras, io->pfrio_buffer,
+ io->pfrio_size * sizeof(struct pfr_addr));
 free(pfras, M_TEMP);
 break;
 }
@@ -4176,7 +4173,6 @@
 case DIOCRGETASTATS: {
 struct pfioc_table *io = (struct pfioc_table *)addr;
 struct pfr_astats *pfrastats;
- size_t totlen;
 if (io->pfrio_esize != sizeof(struct pfr_astats)) {
 error = ENODEV;
@@ -4188,7 +4184,6 @@
 error = EINVAL;
 break;
 }
- totlen = io->pfrio_size * sizeof(struct pfr_astats);
 pfrastats = mallocarray(io->pfrio_size, sizeof(struct pfr_astats), M_TEMP, M_WAITOK);
 PF_RULES_RLOCK();
@@ -4196,7 +4191,8 @@
 &io->pfrio_size, io->pfrio_flags | PFR_FLAG_USERIOCTL);
 PF_RULES_RUNLOCK();
 if (error == 0)
- error = copyout(pfrastats, io->pfrio_buffer, totlen);
+ error = copyout(pfrastats, io->pfrio_buffer,
+ io->pfrio_size * sizeof(struct pfr_astats));
 free(pfrastats, M_TEMP);
 break;
 }
@@ -4681,7 +4677,6 @@
 case DIOCIGETIFACES: {
 struct pfioc_iface *io = (struct pfioc_iface *)addr;
 struct pfi_kif *ifstore;
- size_t bufsiz;
 if (io->pfiio_esize != sizeof(struct pfi_kif)) {
 error = ENODEV;
@@ -4695,14 +4690,14 @@
 break;
 }
- bufsiz = io->pfiio_size * sizeof(struct pfi_kif);
 ifstore = mallocarray(io->pfiio_size, sizeof(struct pfi_kif), M_TEMP, M_WAITOK);
 PF_RULES_RLOCK();
 pfi_get_ifaces(io->pfiio_name, ifstore, &io->pfiio_size);
 PF_RULES_RUNLOCK();
- error = copyout(ifstore, io->pfiio_buffer, bufsiz);
+ error = copyout(ifstore, io->pfiio_buffer,
+ io->pfiio_size * sizeof(struct pfi_kif));
 free(ifstore, M_TEMP);
 break;
 }