Date: Sun, 12 Jun 2005 16:27:10 +0000 (UTC) From: Max Laier <mlaier@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/netinet ip_fw2.c Message-ID: <200506121627.j5CGRAMe090003@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
mlaier 2005-06-12 16:27:10 UTC
FreeBSD src repository
Modified files:
sys/netinet ip_fw2.c
Log:
When doing matching based on dst_ip/src_ip make sure we are really looking
on an IPv4 packet as these variables are uninitialized if not. This used to
allow arbitrary IPv6 packets depending on the value in the uninitialized
variables.
Some opcodes (most noteably O_REJECT) do not support IPv6 at all right now.
Reviewed by: brooks, glebius
Security: IPFW might pass IPv6 packets depending on stack contents.
Approved by: re (blanket)
Revision Changes Path
1.102 +13 -10 src/sys/netinet/ip_fw2.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200506121627.j5CGRAMe090003>