diff options
author | mlaier <mlaier@FreeBSD.org> | 2006-07-21 09:48:13 +0000 |
---|---|---|
committer | mlaier <mlaier@FreeBSD.org> | 2006-07-21 09:48:13 +0000 |
commit | c5a85a2c6dae9e1d2981df373701ac0e05914ce2 (patch) | |
tree | 3de7145f5a7d77f53ed21c53809525c464eefcd5 /sys/contrib/pf | |
parent | 288a78f75639b72985ed0a47044c64362b7e864f (diff) | |
download | FreeBSD-src-c5a85a2c6dae9e1d2981df373701ac0e05914ce2.zip FreeBSD-src-c5a85a2c6dae9e1d2981df373701ac0e05914ce2.tar.gz |
Import from OpenBSD 1.168, dhartmei:
fix a bug in the input sanity check of DIOCCHANGERULE (not used by pfctl,
but third-party tools). a rule must have a non-empty replacement address
list when it's a translation rule but not an anchor call (i.e. "nat ...
->" needs a replacement address, but "nat-anchor ..." doesn't). the check
confused "rule is an anchor call" with "rule is defined within an anchor".
report from Michal Mertl, Max Laier.
Obtained from: OpenBSD
MFC after: 2 weeks
Diffstat (limited to 'sys/contrib/pf')
-rw-r--r-- | sys/contrib/pf/net/pf_ioctl.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/sys/contrib/pf/net/pf_ioctl.c b/sys/contrib/pf/net/pf_ioctl.c index 149333d..715b541 100644 --- a/sys/contrib/pf/net/pf_ioctl.c +++ b/sys/contrib/pf/net/pf_ioctl.c @@ -1,5 +1,6 @@ /* $FreeBSD$ */ -/* $OpenBSD: pf_ioctl.c,v 1.139 2005/03/03 07:13:39 dhartmei Exp $ */ +/* $OpenBSD: pf_ioctl.c,v 1.139 2005/03/03 07:13:39 dhartmei Exp $ */ +/* add: $OpenBSD: pf_ioctl.c,v 1.168 2006/07/21 01:21:17 dhartmei Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -1815,7 +1816,7 @@ pfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags, struct proc *p) (newrule->action == PF_RDR) || (newrule->action == PF_BINAT) || (newrule->rt > PF_FASTROUTE)) && - !pcr->anchor[0])) && + !newrule->anchor)) && (TAILQ_FIRST(&newrule->rpool.list) == NULL)) error = EINVAL; |