MFC r314715:

Reject invalid object types that can not be used with specific opcodes. When we doing reference counting of named objects in the new rule, for existing objects check that opcode references to correct object, otherwise return EINVAL. PR: 217391 (cherry picked from commit ef822e4aa0e77e166bb8d6d106ebe590df25ff58)
author: ae <ae@FreeBSD.org> 2017-03-13 08:04:25 +0000
committer: Luiz Souza <luiz@netgate.com> 2017-07-15 11:12:58 -0500
commit: 77840faf83cb76da257b9725df642fa331673a5f (patch)
tree: fbb0255f5b682f280a0748e8585ba43a7fd59ad6
parent: 04e589832a53bf1825cbef8eff60fb041f3d9aae (diff)
download: FreeBSD-src-77840faf83cb76da257b9725df642fa331673a5f.zip
FreeBSD-src-77840faf83cb76da257b9725df642fa331673a5f.tar.gz
1 files changed, 8 insertions, 1 deletions
diff --git a/sys/netpfil/ipfw/ip_fw_sockopt.c b/sys/netpfil/ipfw/ip_fw_sockopt.c
index 41f5735..7f199e7 100644
--- a/sys/netpfil/ipfw/ip_fw_sockopt.c
+++ b/sys/netpfil/ipfw/ip_fw_sockopt.c
@@ -2674,7 +2674,14 @@ ref_opcode_object(struct ip_fw_chain *ch, ipfw_insn *cmd, struct tid_info *ti,
 		return (0);
 	}
 
-	/* Found. Bump refcount and update kidx. */
+	/*
+	 * Object is already exist.
+	 * Its subtype should match with expected value.
+	 */
+	if (ti->type != no->subtype)
+		return (EINVAL);
+
+	/* Bump refcount and update kidx. */
 	no->refcnt++;
 	rw->update(cmd, no->kidx);
 	return (0);
author	ae <ae@FreeBSD.org>	2017-03-13 08:04:25 +0000
committer	Luiz Souza <luiz@netgate.com>	2017-07-15 11:12:58 -0500
commit	77840faf83cb76da257b9725df642fa331673a5f (patch)
tree	fbb0255f5b682f280a0748e8585ba43a7fd59ad6
parent	04e589832a53bf1825cbef8eff60fb041f3d9aae (diff)
download	FreeBSD-src-77840faf83cb76da257b9725df642fa331673a5f.zip FreeBSD-src-77840faf83cb76da257b9725df642fa331673a5f.tar.gz