From owner-cvs-all@FreeBSD.ORG Sun Jun 12 16:27:10 2005 Return-Path: X-Original-To: cvs-all@FreeBSD.org Delivered-To: cvs-all@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AB5D116A41C; Sun, 12 Jun 2005 16:27:10 +0000 (GMT) (envelope-from mlaier@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 725C743D1F; Sun, 12 Jun 2005 16:27:10 +0000 (GMT) (envelope-from mlaier@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id j5CGRAFg090004; Sun, 12 Jun 2005 16:27:10 GMT (envelope-from mlaier@repoman.freebsd.org) Received: (from mlaier@localhost) by repoman.freebsd.org (8.13.1/8.13.1/Submit) id j5CGRAMe090003; Sun, 12 Jun 2005 16:27:10 GMT (envelope-from mlaier) Message-Id: <200506121627.j5CGRAMe090003@repoman.freebsd.org> From: Max Laier Date: Sun, 12 Jun 2005 16:27:10 +0000 (UTC) To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org X-FreeBSD-CVS-Branch: HEAD Cc: Subject: cvs commit: src/sys/netinet ip_fw2.c X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 12 Jun 2005 16:27:10 -0000 mlaier 2005-06-12 16:27:10 UTC FreeBSD src repository Modified files: sys/netinet ip_fw2.c Log: When doing matching based on dst_ip/src_ip make sure we are really looking on an IPv4 packet as these variables are uninitialized if not. This used to allow arbitrary IPv6 packets depending on the value in the uninitialized variables. Some opcodes (most noteably O_REJECT) do not support IPv6 at all right now. Reviewed by: brooks, glebius Security: IPFW might pass IPv6 packets depending on stack contents. Approved by: re (blanket) Revision Changes Path 1.102 +13 -10 src/sys/netinet/ip_fw2.c