d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix rule truncation on external action module unloading.

Browse Source 
Obtained from:	Yandex LLC
MFC after:	1 week
Sponsored by:	Yandex LLC
This commit is contained in:
Andrey V. Elsukov 2019-08-15 13:44:33 +00:00
parent 83129c0b65
commit 773a7e2224
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=351071
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
sys/netpfil/ipfw/ip_fw_eaction.c
View File

@ -391,19 +391,19 @@ ipfw_reset_eaction(struct ip_fw_chain *ch, struct ip_fw *rule,
cmd->arg1 != eaction_id)
return (0);
/*
* If instance_id is specified, we need to truncate the
* rule length. Check if there is O_EXTERNAL_INSTANCE opcode.
* Check if there is O_EXTERNAL_INSTANCE opcode, we need
* to truncate the rule length.
*
* NOTE: F_LEN(cmd) must be 1 for O_EXTERNAL_ACTION opcode,
* and rule length should be enough to keep O_EXTERNAL_INSTANCE
* opcode, thus we do check for l > 1.
*/
l = rule->cmd + rule->cmd_len - cmd;
if (instance_id != 0 && l > 1) {
if (l > 1) {
MPASS(F_LEN(cmd) == 1);
icmd = cmd + 1;
if (icmd->opcode != O_EXTERNAL_INSTANCE ||
icmd->arg1 != instance_id)
if (icmd->opcode == O_EXTERNAL_INSTANCE &&
instance_id != 0 && icmd->arg1 != instance_id)
return (0);
/*
* Since named_object related to this instance will be