d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix ipfw rule validation partially broken by r248552.

Browse Source 
Pointed by:	avg
MFC with:	r248552
This commit is contained in:
Alexander V. Chernikov 2013-04-01 11:28:52 +00:00
parent c686ee4685
commit 4037b82802
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
sys/netpfil/ipfw/ip_fw_sockopt.c
View File

@ -672,10 +672,6 @@ check_ipfw_struct(struct ip_fw *rule, int size)
case O_IPID:
case O_IPTTL:
case O_IPLEN:
case O_DSCP:
if (cmdlen != F_INSN_SIZE(ipfw_insn_u32) + 1)
goto bad_size;
break;
case O_TCPDATALEN:
case O_TCPWIN:
case O_TAGGED:
@ -683,6 +679,11 @@ check_ipfw_struct(struct ip_fw *rule, int size)
goto bad_size;
break;
case O_DSCP:
if (cmdlen != F_INSN_SIZE(ipfw_insn_u32) + 1)
goto bad_size;
break;
case O_MAC_TYPE:
case O_IP_SRCPORT:
case O_IP_DSTPORT: /* XXX artificial limit, 30 port pairs */