Properly initialize ipfw_range_tlv variable to fix possible EINVAL
in case when ipfw delete/zero/resetlog command issued for several rules in the loop. Also reorder some variables by size. PR: 218993 MFC after: 1 week
This commit is contained in:
parent
efa2501ed6
commit
df5be97c1a
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=317663
@ -3187,15 +3187,14 @@ fill_flags_cmd(ipfw_insn *cmd, enum ipfw_opcodes opcode,
|
|||||||
void
|
void
|
||||||
ipfw_delete(char *av[])
|
ipfw_delete(char *av[])
|
||||||
{
|
{
|
||||||
|
ipfw_range_tlv rt;
|
||||||
|
char *sep;
|
||||||
int i, j;
|
int i, j;
|
||||||
int exitval = EX_OK;
|
int exitval = EX_OK;
|
||||||
int do_set = 0;
|
int do_set = 0;
|
||||||
char *sep;
|
|
||||||
ipfw_range_tlv rt;
|
|
||||||
|
|
||||||
av++;
|
av++;
|
||||||
NEED1("missing rule specification");
|
NEED1("missing rule specification");
|
||||||
memset(&rt, 0, sizeof(rt));
|
|
||||||
if ( *av && _substrcmp(*av, "set") == 0) {
|
if ( *av && _substrcmp(*av, "set") == 0) {
|
||||||
/* Do not allow using the following syntax:
|
/* Do not allow using the following syntax:
|
||||||
* ipfw set N delete set M
|
* ipfw set N delete set M
|
||||||
@ -3222,6 +3221,7 @@ ipfw_delete(char *av[])
|
|||||||
} else if (co.do_pipe) {
|
} else if (co.do_pipe) {
|
||||||
exitval = ipfw_delete_pipe(co.do_pipe, i);
|
exitval = ipfw_delete_pipe(co.do_pipe, i);
|
||||||
} else {
|
} else {
|
||||||
|
memset(&rt, 0, sizeof(rt));
|
||||||
if (do_set != 0) {
|
if (do_set != 0) {
|
||||||
rt.set = i & 31;
|
rt.set = i & 31;
|
||||||
rt.flags = IPFW_RCFLAG_SET;
|
rt.flags = IPFW_RCFLAG_SET;
|
||||||
@ -5157,18 +5157,17 @@ void
|
|||||||
ipfw_zero(int ac, char *av[], int optname)
|
ipfw_zero(int ac, char *av[], int optname)
|
||||||
{
|
{
|
||||||
ipfw_range_tlv rt;
|
ipfw_range_tlv rt;
|
||||||
uint32_t arg;
|
|
||||||
int failed = EX_OK;
|
|
||||||
char const *errstr;
|
char const *errstr;
|
||||||
char const *name = optname ? "RESETLOG" : "ZERO";
|
char const *name = optname ? "RESETLOG" : "ZERO";
|
||||||
|
uint32_t arg;
|
||||||
|
int failed = EX_OK;
|
||||||
|
|
||||||
optname = optname ? IP_FW_XRESETLOG : IP_FW_XZERO;
|
optname = optname ? IP_FW_XRESETLOG : IP_FW_XZERO;
|
||||||
memset(&rt, 0, sizeof(rt));
|
|
||||||
|
|
||||||
av++; ac--;
|
av++; ac--;
|
||||||
|
|
||||||
if (ac == 0) {
|
if (ac == 0) {
|
||||||
/* clear all entries */
|
/* clear all entries */
|
||||||
|
memset(&rt, 0, sizeof(rt));
|
||||||
rt.flags = IPFW_RCFLAG_ALL;
|
rt.flags = IPFW_RCFLAG_ALL;
|
||||||
if (do_range_cmd(optname, &rt) < 0)
|
if (do_range_cmd(optname, &rt) < 0)
|
||||||
err(EX_UNAVAILABLE, "setsockopt(IP_FW_X%s)", name);
|
err(EX_UNAVAILABLE, "setsockopt(IP_FW_X%s)", name);
|
||||||
@ -5186,6 +5185,7 @@ ipfw_zero(int ac, char *av[], int optname)
|
|||||||
if (errstr)
|
if (errstr)
|
||||||
errx(EX_DATAERR,
|
errx(EX_DATAERR,
|
||||||
"invalid rule number %s\n", *av);
|
"invalid rule number %s\n", *av);
|
||||||
|
memset(&rt, 0, sizeof(rt));
|
||||||
rt.start_rule = arg;
|
rt.start_rule = arg;
|
||||||
rt.end_rule = arg;
|
rt.end_rule = arg;
|
||||||
rt.flags |= IPFW_RCFLAG_RANGE;
|
rt.flags |= IPFW_RCFLAG_RANGE;
|
||||||
|
Loading…
Reference in New Issue
Block a user