diff options
| author |   gnezdo <gnezdo@openbsd.org> | 2020-08-24 16:40:07 +0000 |
|---|---|---|
| committer | gnezdo <gnezdo@openbsd.org> | 2020-08-24 16:40:07 +0000 |
| commit | 3eea75c8139cb65ed749d80c6c8097bb7fa05c53 (patch) | |
| tree | 2c6c0be71a8eb5d25eba9f619f98856c33f8e137 | |
| parent | Convert divert*_sysctl to sysctl_bounded_args (diff) | |
| download | wireguard-openbsd-3eea75c8139cb65ed749d80c6c8097bb7fa05c53.tar.xz wireguard-openbsd-3eea75c8139cb65ed749d80c6c8097bb7fa05c53.zip | |
Convert ip6_sysctl to sysctl_bounded_args
Tighter limits and OK by sashan
| -rw-r--r-- | sys/netinet6/in6.h | 59 | ||||
| -rw-r--r-- | sys/netinet6/ip6_input.c | 25 |
2 files changed, 22 insertions, 62 deletions
diff --git a/sys/netinet6/in6.h b/sys/netinet6/in6.h index 5e51cbb17b8..310bf6c3fef 100644 --- a/sys/netinet6/in6.h +++ b/sys/netinet6/in6.h @@ -1,4 +1,4 @@ -/* $OpenBSD: in6.h,v 1.106 2020/06/24 22:03:44 cheloha Exp $ */ +/* $OpenBSD: in6.h,v 1.107 2020/08/24 16:40:07 gnezdo Exp $ */ /* $KAME: in6.h,v 1.83 2001/03/29 02:55:07 jinmei Exp $ */ /* @@ -653,63 +653,6 @@ ifatoia6(struct ifaddr *ifa) { "soiikey", CTLTYPE_STRING }, /* binary string */ \ } -#define IPV6CTL_VARS { \ - NULL, \ - &ip6_forwarding, \ - &ip6_sendredirects, \ - &ip6_defhlim, \ - NULL, \ - NULL, \ - NULL, \ - NULL, \ - NULL, \ - &ip6_maxfragpackets, \ - NULL, \ - NULL, \ - NULL, \ - NULL, \ - &ip6_log_interval, \ - &ip6_hdrnestlimit, \ - &ip6_dad_count, \ - &ip6_auto_flowlabel, \ - &ip6_defmcasthlim, \ - NULL, \ - NULL, \ - &ip6_use_deprecated, \ - NULL, \ - NULL, \ - NULL, \ - NULL, \ - NULL, \ - NULL, \ - NULL, \ - NULL, \ - NULL, \ - NULL, \ - NULL, \ - NULL, \ - NULL, \ - NULL, \ - NULL, \ - NULL, \ - NULL, \ - NULL, \ - NULL, \ - &ip6_maxfrags, \ - &ip6_mforwarding, \ - &ip6_multipath, \ - &ip6_mcast_pmtu, \ - &ip6_neighborgcthresh, \ - NULL, \ - NULL, \ - &ip6_maxdynroutes, \ - NULL, \ - NULL, \ - NULL, \ - NULL, \ - NULL, \ -} - __BEGIN_DECLS struct cmsghdr; diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c index 146ff6a52b7..1421a433a16 100644 --- a/sys/netinet6/ip6_input.c +++ b/sys/netinet6/ip6_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip6_input.c,v 1.228 2020/08/08 07:42:31 florian Exp $ */ +/* $OpenBSD: ip6_input.c,v 1.229 2020/08/24 16:40:07 gnezdo Exp $ */ /* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */ /* @@ -1334,7 +1334,24 @@ const u_char inet6ctlerrmap[PRC_NCMDS] = { ENOPROTOOPT }; -int *ipv6ctl_vars[IPV6CTL_MAXID] = IPV6CTL_VARS; +const struct sysctl_bounded_args ipv6ctl_vars[] = { + { IPV6CTL_FORWARDING, &ip6_forwarding, 0, 1 }, + { IPV6CTL_SENDREDIRECTS, &ip6_sendredirects, 0, 1 }, + { IPV6CTL_DEFHLIM, &ip6_defhlim, 0, 255 }, + { IPV6CTL_MAXFRAGPACKETS, &ip6_maxfragpackets, 0, 1000 }, + { IPV6CTL_LOG_INTERVAL, &ip6_log_interval, 0, INT_MAX }, + { IPV6CTL_HDRNESTLIMIT, &ip6_hdrnestlimit, 0, 100 }, + { IPV6CTL_DAD_COUNT, &ip6_dad_count, 0, 10 }, + { IPV6CTL_AUTO_FLOWLABEL, &ip6_auto_flowlabel, 0, 1 }, + { IPV6CTL_DEFMCASTHLIM, &ip6_defmcasthlim, 0, 255 }, + { IPV6CTL_USE_DEPRECATED, &ip6_use_deprecated, 0, 1 }, + { IPV6CTL_MAXFRAGS, &ip6_maxfrags, 0, 1000 }, + { IPV6CTL_MFORWARDING, &ip6_mforwarding, 0, 1 }, + { IPV6CTL_MULTIPATH, &ip6_multipath, 0, 1 }, + { IPV6CTL_MCAST_PMTU, &ip6_mcast_pmtu, 0, 1 }, + { IPV6CTL_NEIGHBORGCTHRESH, &ip6_neighborgcthresh, -1, 5 * 2048 }, + { IPV6CTL_MAXDYNROUTES, &ip6_maxdynroutes, -1, 5 * 4096 }, +}; int ip6_sysctl_ip6stat(void *oldp, size_t *oldlenp, void *newp) @@ -1437,8 +1454,8 @@ ip6_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, return (ip6_sysctl_soiikey(oldp, oldlenp, newp, newlen)); default: NET_LOCK(); - error = sysctl_int_arr(ipv6ctl_vars, nitems(ipv6ctl_vars), name, - namelen, oldp, oldlenp, newp, newlen); + error = sysctl_bounded_arr(ipv6ctl_vars, nitems(ipv6ctl_vars), + name, namelen, oldp, oldlenp, newp, newlen); NET_UNLOCK(); return (error); } |