Fix bug in filling and handling ipfw's O_DSCP opcode.

Due to integer overflow CS4 token was handled as BE. PR: 207459 MFC after: 1 week
2016-02-24 13:16:03 +00:00 · 2016-02-24 13:16:03 +00:00 · fbff7925a1
commit fbff7925a1
parent 96081091e7
2 changed files with 2 additions and 2 deletions
--- a/sbin/ipfw/ipfw2.c
+++ b/sbin/ipfw/ipfw2.c
@ -1029,7 +1029,7 @@ fill_dscp(ipfw_insn *cmd, char *av, int cblen)
 				errx(EX_DATAERR, "Invalid DSCP value");
 		}

-		if (code > 32)
+		if (code >= 32)
 			*high |= 1 << (code - 32);
 		else
 			*low |= 1 << code;
--- a/sys/netpfil/ipfw/ip_fw2.c
+++ b/sys/netpfil/ipfw/ip_fw2.c
@ -1711,7 +1711,7 @@ do {								\
 					break;

 				/* DSCP bitmask is stored as low_u32 high_u32 */
-				if (x > 32)
+				if (x >= 32)
 					match = *(p + 1) & (1 << (x - 32));
 				else
 					match = *p & (1 << x);