Date: Thu, 18 Aug 2016 11:23:02 +0000 (UTC) From: Oleg Bulyzhin <oleg@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r304415 - stable/11/sys/netpfil/ipfw Message-ID: <201608181123.u7IBN2xw042631@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: oleg Date: Thu Aug 18 11:23:02 2016 New Revision: 304415 URL: https://svnweb.freebsd.org/changeset/base/304415 Log: MFC r304154 Fix command: ipfw set (enable|disable) N (where N > 4). Modified: stable/11/sys/netpfil/ipfw/ip_fw_sockopt.c Modified: stable/11/sys/netpfil/ipfw/ip_fw_sockopt.c ============================================================================== --- stable/11/sys/netpfil/ipfw/ip_fw_sockopt.c Thu Aug 18 11:17:36 2016 (r304414) +++ stable/11/sys/netpfil/ipfw/ip_fw_sockopt.c Thu Aug 18 11:23:02 2016 (r304415) @@ -1414,8 +1414,10 @@ manage_sets(struct ip_fw_chain *chain, i if (rh->range.head.length != sizeof(ipfw_range_tlv)) return (1); - if (rh->range.set >= IPFW_MAX_SETS || - rh->range.new_set >= IPFW_MAX_SETS) + /* enable_sets() expects bitmasks. */ + if (op3->opcode != IP_FW_SET_ENABLE && + (rh->range.set >= IPFW_MAX_SETS || + rh->range.new_set >= IPFW_MAX_SETS)) return (EINVAL); ret = 0;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201608181123.u7IBN2xw042631>