After processing the O_SKIPTO opcode our cmd points to the next rule, and

"match" processing at the end of inner loop would look ahead into the next rule, which is incorrect. Particularly, in the case when the next rule started with F_NOT opcode it was skipped blindly. To fix this, exit the inner loop with the continue operator forcibly and explicitly. PR: kern/147798
author: glebius <glebius@FreeBSD.org> 2010-06-29 16:57:30 +0000
committer: glebius <glebius@FreeBSD.org> 2010-06-29 16:57:30 +0000
commit: 828edb743f1430cfeee934faaf3a3e4bc3d39339 (patch)
tree: 4dbd943ff94944473acd487b6209e350648be19b /sys/netinet
parent: 54217fc822cf166ce9329ac50c0c06e7e90fcfb3 (diff)
download: FreeBSD-src-828edb743f1430cfeee934faaf3a3e4bc3d39339.zip
FreeBSD-src-828edb743f1430cfeee934faaf3a3e4bc3d39339.tar.gz
1 files changed, 3 insertions, 2 deletions
diff --git a/sys/netinet/ipfw/ip_fw2.c b/sys/netinet/ipfw/ip_fw2.c
index 959ad8e..db34ba6 100644
--- a/sys/netinet/ipfw/ip_fw2.c
+++ b/sys/netinet/ipfw/ip_fw2.c
@@ -2012,14 +2012,15 @@ do {								\
 				     (1 << chain->map[f_pos]->set));
 				    f_pos++)
 				;
-			    /* prepare to enter the inner loop */
+			    /* Re-enter the inner loop at the skipto rule. */
 			    f = chain->map[f_pos];
 			    l = f->cmd_len;
 			    cmd = f->cmd;
 			    match = 1;
 			    cmdlen = 0;
 			    skip_or = 0;
-			    break;
+			    continue;
+			    break;	/* not reached */
 
 			case O_REJECT:
 				/*
author	glebius <glebius@FreeBSD.org>	2010-06-29 16:57:30 +0000
committer	glebius <glebius@FreeBSD.org>	2010-06-29 16:57:30 +0000
commit	828edb743f1430cfeee934faaf3a3e4bc3d39339 (patch)
tree	4dbd943ff94944473acd487b6209e350648be19b /sys/netinet
parent	54217fc822cf166ce9329ac50c0c06e7e90fcfb3 (diff)
download	FreeBSD-src-828edb743f1430cfeee934faaf3a3e4bc3d39339.zip FreeBSD-src-828edb743f1430cfeee934faaf3a3e4bc3d39339.tar.gz