svn commit: r248971 - head/sys/netpfil/ipfw

Alexander V. Chernikov melifaro at FreeBSD.org
Mon Apr 1 11:28:53 UTC 2013


Author: melifaro
Date: Mon Apr  1 11:28:52 2013
New Revision: 248971
URL: http://svnweb.freebsd.org/changeset/base/248971

Log:
  Fix ipfw rule validation partially broken by r248552.
  
  Pointed by:	avg
  MFC with:	r248552

Modified:
  head/sys/netpfil/ipfw/ip_fw_sockopt.c

Modified: head/sys/netpfil/ipfw/ip_fw_sockopt.c
==============================================================================
--- head/sys/netpfil/ipfw/ip_fw_sockopt.c	Mon Apr  1 10:45:35 2013	(r248970)
+++ head/sys/netpfil/ipfw/ip_fw_sockopt.c	Mon Apr  1 11:28:52 2013	(r248971)
@@ -672,10 +672,6 @@ check_ipfw_struct(struct ip_fw *rule, in
 		case O_IPID:
 		case O_IPTTL:
 		case O_IPLEN:
-		case O_DSCP:
-			if (cmdlen != F_INSN_SIZE(ipfw_insn_u32) + 1)
-				goto bad_size;
-			break;
 		case O_TCPDATALEN:
 		case O_TCPWIN:
 		case O_TAGGED:
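Review bot: the run of labels from O_IPID through O_TAGGED depends on implicit fall-through to one shared size check, and nothing in the source marks that. The removed lines show the consequence: with O_DSCP carrying its own body and break directly after O_IPLEN, the three labels above it (O_IPID, O_IPTTL, O_IPLEN) were validated against the O_DSCP length instead of the check that follows O_TAGGED. Please add a short comment at the top of the run stating that all of these opcodes share the size check below and that new opcodes with their own check must be added outside the group, so the next insertion does not split it again. The log message would also be more useful for the MFC if it named the opcodes whose validation was affected.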
@@ -683,6 +679,11 @@ check_ipfw_struct(struct ip_fw *rule, in
 				goto bad_size;
 			break;
 
+		case O_DSCP:
+			if (cmdlen != F_INSN_SIZE(ipfw_insn_u32) + 1)
+				goto bad_size;
+			break;
+
 		case O_MAC_TYPE:
 		case O_IP_SRCPORT:
 		case O_IP_DSTPORT: /* XXX artificial limit, 30 port pairs */
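Review bot: in the re-added O_DSCP case, the expected length "F_INSN_SIZE(ipfw_insn_u32) + 1" has an unexplained "+ 1". Since this function decides which instruction lengths coming from a rule are accepted, a one-line comment saying what the extra word holds for O_DSCP would let a reader confirm the check matches the instruction layout. The placement itself looks right: the case now has its own break and a blank line on both sides, so it neither receives fall-through from the group above nor falls into the O_MAC_TYPE group below.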

