Fix ipfw rule validation partially broken by r248552.

Pointed by: avg MFC with: r248552
author: melifaro <melifaro@FreeBSD.org> 2013-04-01 11:28:52 +0000
committer: melifaro <melifaro@FreeBSD.org> 2013-04-01 11:28:52 +0000
commit: bbeb8a5ba24854200f7dc281c96e05b1524f9cf8 (patch)
tree: 4bcdee108e72e43b38bf5363f16e7421b999c9b5 /sys/netpfil
parent: 060b76c80320d06783ff631ada0fc18b70dcab91 (diff)
download: FreeBSD-src-bbeb8a5ba24854200f7dc281c96e05b1524f9cf8.zip
FreeBSD-src-bbeb8a5ba24854200f7dc281c96e05b1524f9cf8.tar.gz
1 files changed, 5 insertions, 4 deletions
diff --git a/sys/netpfil/ipfw/ip_fw_sockopt.c b/sys/netpfil/ipfw/ip_fw_sockopt.c
index 8008bcd..64f09a5 100644
--- a/sys/netpfil/ipfw/ip_fw_sockopt.c
+++ b/sys/netpfil/ipfw/ip_fw_sockopt.c
@@ -672,10 +672,6 @@ check_ipfw_struct(struct ip_fw *rule, int size)
 		case O_IPID:
 		case O_IPTTL:
 		case O_IPLEN:
-		case O_DSCP:
-			if (cmdlen != F_INSN_SIZE(ipfw_insn_u32) + 1)
-				goto bad_size;
-			break;
 		case O_TCPDATALEN:
 		case O_TCPWIN:
 		case O_TAGGED:
@@ -683,6 +679,11 @@ check_ipfw_struct(struct ip_fw *rule, int size)
 				goto bad_size;
 			break;
 
+		case O_DSCP:
+			if (cmdlen != F_INSN_SIZE(ipfw_insn_u32) + 1)
+				goto bad_size;
+			break;
+
 		case O_MAC_TYPE:
 		case O_IP_SRCPORT:
 		case O_IP_DSTPORT: /* XXX artificial limit, 30 port pairs */
author	melifaro <melifaro@FreeBSD.org>	2013-04-01 11:28:52 +0000
committer	melifaro <melifaro@FreeBSD.org>	2013-04-01 11:28:52 +0000
commit	bbeb8a5ba24854200f7dc281c96e05b1524f9cf8 (patch)
tree	4bcdee108e72e43b38bf5363f16e7421b999c9b5 /sys/netpfil
parent	060b76c80320d06783ff631ada0fc18b70dcab91 (diff)
download	FreeBSD-src-bbeb8a5ba24854200f7dc281c96e05b1524f9cf8.zip FreeBSD-src-bbeb8a5ba24854200f7dc281c96e05b1524f9cf8.tar.gz