D53278.1777106475.diff
No OneTemporary
Actions

Size

1 KB

Referenced Files

None

Subscribers

None

D53278.1777106475.diff
View Options

	diff --git a/sbin/ipf/libipf/interror.c b/sbin/ipf/libipf/interror.c
	--- a/sbin/ipf/libipf/interror.c
	+++ b/sbin/ipf/libipf/interror.c
	@@ -358,6 +358,7 @@
	{ 60074, "unknown next address type (ipv6)" },
	{ 60075, "one object at a time must be copied" },
	{ 60076, "NAT ioctl denied in jail without VNET" },
	+ { 60077, "NAT length of interface name is incorrect"},
	/* -------------------------------------------------------------------------- */
	{ 70001, "incorrect object size to get pool stats" },
	{ 70002, "could not malloc memory for new pool node" },
	diff --git a/sys/netpfil/ipfilter/netinet/ip_nat.c b/sys/netpfil/ipfilter/netinet/ip_nat.c
	--- a/sys/netpfil/ipfilter/netinet/ip_nat.c
	+++ b/sys/netpfil/ipfilter/netinet/ip_nat.c
	@@ -1543,6 +1543,10 @@
	/*
	* Initialise all of the address fields.
	*/
	+ if (strnlen(n->in_names, LIFNAMSIZ) > n->in_namelen && n->in_namelen >= LIFNAMSIZ) {
	+ IPFERROR(60077);
	+ return (EINVAL);
	+ }
	error = ipf_nat_nextaddrinit(softc, n->in_names, &n->in_osrc, 1,
	n->in_ifps[idx]);
	if (error != 0)