Clone Tools
  • last updated a few seconds ago
Constraints: committers
Constraints: files
Constraints: dates
pf: Improve input validation

pf: Do not allow negative ps_len in DIOCGETSTATES

Avoid potential structure padding leak

Avoid potential structure padding leak.

pf: limit ioctl to a reasonable and tuneable number of elements

pf ioctls frequently take a variable number of elements as argument.

This can potentially allow users to request very large allocations.

These will fail, but even a failing M_NOWAIT might tie up resources

and result in concurrent M_WAITOK allocations entering vm_wait and

inducing reclamation of caches.

Limit these ioctls to what should be a reasonable value, but allow

users to tune it should they need to.

  1. … 1 more file in changeset.
Sync with freebsd

  1. … 276 more files in changeset.
sync with freebsd 10

  1. … 14 more files in changeset.