author | ae <ae@FreeBSD.org> | 2016-03-02 13:38:21 +0000 |
---|---|---|
committer | ae <ae@FreeBSD.org> | 2016-03-02 13:38:21 +0000 |
commit | 3b4b162df0228ed74a1e63eccc7315071254344f (patch) | |
tree | fee6f0b494e39f4c7a4ca867cc1da7e2ed4394fd | |
parent | c297413491e7dd2dd41bab0b4f0c62d35804211c (diff) | |
MFC r295969:
Fix bug in filling and handling ipfw's O_DSCP opcode.
Due to integer overflow CS4 token was handled as BE.
PR: 207459
Approved by: re (gjb)
-rw-r--r-- | sbin/ipfw/ipfw2.c | 2 | ||||
-rw-r--r-- | sys/netpfil/ipfw/ip_fw2.c | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/sbin/ipfw/ipfw2.c b/sbin/ipfw/ipfw2.c
index ff8395d..f585ded 100644
--- a/sbin/ipfw/ipfw2.c
+++ b/sbin/ipfw/ipfw2.c
@@ -779,7 +779,7 @@ fill_dscp(ipfw_insn *cmd, char *av, int cblen)
 errx(EX_DATAERR, "Invalid DSCP value");
 }
- if (code > 32)
+ if (code >= 32)
 *high |= 1 << (code - 32);
 else
 *low |= 1 << code;
diff --git a/sys/netpfil/ipfw/ip_fw2.c b/sys/netpfil/ipfw/ip_fw2.c
index 764696c..712c675 100644
--- a/sys/netpfil/ipfw/ip_fw2.c
+++ b/sys/netpfil/ipfw/ip_fw2.c
@@ -1678,7 +1678,7 @@ do { \
 break;
 /* DSCP bitmask is stored as low_u32 high_u32 */
- if (x > 32)
+ if (x >= 32)
 match = *(p + 1) & (1 << (x - 32));
 else
 match = *p & (1 << x); |
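Review bot: The unchanged shifts in the first hunk, `*high |= 1 << (code - 32);` and `*low |= 1 << code;`, still use a signed `int` constant, so a DSCP value of 31 or 63 shifts into the sign bit, which is undefined behaviour in C. Writing them as `1U << (code - 32)` and `1U << code` keeps the mask arithmetic unsigned. The kernel hunk in sys/netpfil/ipfw/ip_fw2.c has the same pattern in `(1 << (x - 32))` and `(1 << x)`. Both enclosing blocks start and end outside the hunks, so the range of `code` and `x` (presumably 0–63) cannot be confirmed from here. A regression test for rules on DSCP 31, 32 and 63 would pin both word boundaries, since a wrong bit here makes a firewall rule match a different traffic class than the one the administrator wrote.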