HomeFreeBSD

pf: Improve pf_rule input validation

Description

pf: Improve pf_rule input validation

Move the validation checks to pf_rule_to_krule() to reduce duplication.
This also makes the checks consistent across different ioctls.

Reported-by: syzbot+e9632d7ad17398f0bd8f@syzkaller.appspotmail.com
Reviewed by: tuexen@, donner@
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D28362

Details

Provenance
kpAuthored on Jan 26 2021, 7:56 AM
Differential Revision
D28362: pf: Improve pf_rule input validation
Parents
rG5c325977b113: cache: add missing MNT_NOSYMFOLLOW check to symlink traversal
Branches
Unknown
Tags
Unknown