From owner-svn-src-stable@freebsd.org  Mon Mar 13 08:04:26 2017
Return-Path: <owner-svn-src-stable@freebsd.org>
Delivered-To: svn-src-stable@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6CD10D0AF02;
 Mon, 13 Mar 2017 08:04:26 +0000 (UTC) (envelope-from ae@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 3BFB51178;
 Mon, 13 Mar 2017 08:04:26 +0000 (UTC) (envelope-from ae@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v2D84PSl027899;
 Mon, 13 Mar 2017 08:04:25 GMT (envelope-from ae@FreeBSD.org)
Received: (from ae@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id v2D84PPu027898;
 Mon, 13 Mar 2017 08:04:25 GMT (envelope-from ae@FreeBSD.org)
Message-Id: <201703130804.v2D84PPu027898@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: ae set sender to ae@FreeBSD.org
 using -f
From: "Andrey V. Elsukov" <ae@FreeBSD.org>
Date: Mon, 13 Mar 2017 08:04:25 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject: svn commit: r315191 - stable/11/sys/netpfil/ipfw
X-SVN-Group: stable-11
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-stable@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: SVN commit messages for all the -stable branches of the src tree
 <svn-src-stable.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-stable>, 
 <mailto:svn-src-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-stable/>
List-Post: <mailto:svn-src-stable@freebsd.org>
List-Help: <mailto:svn-src-stable-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-stable>,
 <mailto:svn-src-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Mar 2017 08:04:26 -0000

Author: ae
Date: Mon Mar 13 08:04:25 2017
New Revision: 315191
URL: https://svnweb.freebsd.org/changeset/base/315191

Log:
  MFC r314715:
    Reject invalid object types that can not be used with specific opcodes.
  
    When we doing reference counting of named objects in the new rule,
    for existing objects check that opcode references to correct object,
    otherwise return EINVAL.
  
    PR:		217391

Modified:
  stable/11/sys/netpfil/ipfw/ip_fw_sockopt.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netpfil/ipfw/ip_fw_sockopt.c
==============================================================================
--- stable/11/sys/netpfil/ipfw/ip_fw_sockopt.c	Mon Mar 13 07:45:15 2017	(r315190)
+++ stable/11/sys/netpfil/ipfw/ip_fw_sockopt.c	Mon Mar 13 08:04:25 2017	(r315191)
@@ -2662,7 +2662,14 @@ ref_opcode_object(struct ip_fw_chain *ch
 		return (0);
 	}
 
-	/* Found. Bump refcount and update kidx. */
+	/*
+	 * Object is already exist.
+	 * Its subtype should match with expected value.
+	 */
+	if (ti->type != no->subtype)
+		return (EINVAL);
+
+	/* Bump refcount and update kidx. */
 	no->refcnt++;
 	rw->update(cmd, no->kidx);
 	return (0);