diff options
| author | ae <ae@FreeBSD.org> | 2017-03-13 08:04:25 +0000 |
|---|---|---|
| committer | ae <ae@FreeBSD.org> | 2017-03-13 08:04:25 +0000 |
| commit | ef822e4aa0e77e166bb8d6d106ebe590df25ff58 (patch) | |
| tree | 9a959b594a8b72f9b27fae9432476f2ce65d2514 | |
| parent | d6704e681f0dca3dcdefa1b187552cc26f271cb7 (diff) | |
| download | FreeBSD-src-ef822e4aa0e77e166bb8d6d106ebe590df25ff58.zip FreeBSD-src-ef822e4aa0e77e166bb8d6d106ebe590df25ff58.tar.gz | |
MFC r314715:
Reject invalid object types that can not be used with specific opcodes.
When we doing reference counting of named objects in the new rule,
for existing objects check that opcode references to correct object,
otherwise return EINVAL.
PR: 217391
| -rw-r--r-- | sys/netpfil/ipfw/ip_fw_sockopt.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/sys/netpfil/ipfw/ip_fw_sockopt.c b/sys/netpfil/ipfw/ip_fw_sockopt.c index ec90605..003f0a9 100644 --- a/sys/netpfil/ipfw/ip_fw_sockopt.c +++ b/sys/netpfil/ipfw/ip_fw_sockopt.c @@ -2662,7 +2662,14 @@ ref_opcode_object(struct ip_fw_chain *ch, ipfw_insn *cmd, struct tid_info *ti, return (0); } - /* Found. Bump refcount and update kidx. */ + /* + * Object is already exist. + * Its subtype should match with expected value. + */ + if (ti->type != no->subtype) + return (EINVAL); + + /* Bump refcount and update kidx. */ no->refcnt++; rw->update(cmd, no->kidx); return (0); |
