K 10
svn:author
V 5
markj
K 8
svn:date
V 27
2021-12-06T14:19:21.891439Z
K 7
svn:log
V 672
dummynet: Fix socket option length validation for IP_DUMMYNET3

The socket option handler tries to ensure that the option length is no
larger than some reasonable maximum, and no smaller than sizeof(struct
dn_id).  But the loaded option length is stored in an int, which is
converted to an unsigned integer for the comparison with a size_t, so
negative values are not caught and instead get passed to malloc().

Change the code to use a size_t for the buffer size.

Reviewed by:	kp
Sponsored by:	The FreeBSD Foundation

(cherry picked from commit 1c732c85911eb9e39071cbdb50dfb1f0d76de40f)

Git Hash:   3f22f161b936b6279a68d6e9439b30f2abb50cad
Git Author: markj@FreeBSD.org
END