Date: Mon, 1 Apr 2013 11:28:52 +0000 (UTC) From: "Alexander V. Chernikov" <melifaro@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r248971 - head/sys/netpfil/ipfw Message-ID: <201304011128.r31BSqes041861@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: melifaro Date: Mon Apr 1 11:28:52 2013 New Revision: 248971 URL: http://svnweb.freebsd.org/changeset/base/248971 Log: Fix ipfw rule validation partially broken by r248552. Pointed by: avg MFC with: r248552 Modified: head/sys/netpfil/ipfw/ip_fw_sockopt.c Modified: head/sys/netpfil/ipfw/ip_fw_sockopt.c ============================================================================== --- head/sys/netpfil/ipfw/ip_fw_sockopt.c Mon Apr 1 10:45:35 2013 (r248970) +++ head/sys/netpfil/ipfw/ip_fw_sockopt.c Mon Apr 1 11:28:52 2013 (r248971) @@ -672,10 +672,6 @@ check_ipfw_struct(struct ip_fw *rule, in case O_IPID: case O_IPTTL: case O_IPLEN: - case O_DSCP: - if (cmdlen != F_INSN_SIZE(ipfw_insn_u32) + 1) - goto bad_size; - break; case O_TCPDATALEN: case O_TCPWIN: case O_TAGGED: @@ -683,6 +679,11 @@ check_ipfw_struct(struct ip_fw *rule, in goto bad_size; break; + case O_DSCP: + if (cmdlen != F_INSN_SIZE(ipfw_insn_u32) + 1) + goto bad_size; + break; + case O_MAC_TYPE: case O_IP_SRCPORT: case O_IP_DSTPORT: /* XXX artificial limit, 30 port pairs */
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201304011128.r31BSqes041861>