diff options
-rw-r--r-- | sys/netpfil/ipfw/ip_fw_sockopt.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/sys/netpfil/ipfw/ip_fw_sockopt.c b/sys/netpfil/ipfw/ip_fw_sockopt.c index 41f5735..7f199e7 100644 --- a/sys/netpfil/ipfw/ip_fw_sockopt.c +++ b/sys/netpfil/ipfw/ip_fw_sockopt.c @@ -2674,7 +2674,14 @@ ref_opcode_object(struct ip_fw_chain *ch, ipfw_insn *cmd, struct tid_info *ti, return (0); } - /* Found. Bump refcount and update kidx. */ + /* + * Object is already exist. + * Its subtype should match with expected value. + */ + if (ti->type != no->subtype) + return (EINVAL); + + /* Bump refcount and update kidx. */ no->refcnt++; rw->update(cmd, no->kidx); return (0); |