diff options
| author | oleg <oleg@FreeBSD.org> | 2016-08-18 11:23:02 +0000 |
|---|---|---|
| committer | oleg <oleg@FreeBSD.org> | 2016-08-18 11:23:02 +0000 |
| commit | d27c7793825a2e0a187605c5c736b1b3c2639624 (patch) | |
| tree | fc32b24c15f3d65251b23e9198eee53aae3688d9 | |
| parent | 62a97a8c671863dcc3390c59e5a6437066464ab8 (diff) | |
| download | FreeBSD-src-d27c7793825a2e0a187605c5c736b1b3c2639624.zip FreeBSD-src-d27c7793825a2e0a187605c5c736b1b3c2639624.tar.gz | |
MFC r304154
Fix command: ipfw set (enable|disable) N (where N > 4).
| -rw-r--r-- | sys/netpfil/ipfw/ip_fw_sockopt.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/sys/netpfil/ipfw/ip_fw_sockopt.c b/sys/netpfil/ipfw/ip_fw_sockopt.c index 52dfe7c..43ff56a 100644 --- a/sys/netpfil/ipfw/ip_fw_sockopt.c +++ b/sys/netpfil/ipfw/ip_fw_sockopt.c @@ -1414,8 +1414,10 @@ manage_sets(struct ip_fw_chain *chain, ip_fw3_opheader *op3, if (rh->range.head.length != sizeof(ipfw_range_tlv)) return (1); - if (rh->range.set >= IPFW_MAX_SETS || - rh->range.new_set >= IPFW_MAX_SETS) + /* enable_sets() expects bitmasks. */ + if (op3->opcode != IP_FW_SET_ENABLE && + (rh->range.set >= IPFW_MAX_SETS || + rh->range.new_set >= IPFW_MAX_SETS)) return (EINVAL); ret = 0; |
