From: Gleb Smirnoff
Date: Thu, 8 Jul 2010 12:20:15 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org
Subject: svn commit: r209795 - stable/8/sys/netinet/ipfw

Author: glebius
Date: Thu Jul 8 12:20:15 2010
New Revision: 209795
URL: http://svn.freebsd.org/changeset/base/209795

Log:
  Merge 209589 from head:

  After processing the O_SKIPTO opcode our cmd points to the next rule, and "match" processing at the end of inner loop would look ahead into the next rule, which is incorrect. Particularly, in the case when the next rule started with F_NOT opcode it was skipped blindly.

  To fix this, exit the inner loop with the continue operator forcibly and explicitly.

  PR: kern/147798

Modified:
  stable/8/sys/netinet/ipfw/ip_fw2.c

Modified: stable/8/sys/netinet/ipfw/ip_fw2.c ============================================================================== --- stable/8/sys/netinet/ipfw/ip_fw2.c Thu Jul 8 11:21:11 2010 (r209794) +++ stable/8/sys/netinet/ipfw/ip_fw2.c Thu Jul 8 12:20:15 2010 (r209795) @@ -2012,14 +2012,15 @@ do { \ (1 << chain->map[f_pos]->set)); f_pos++) ; - /* prepare to enter the inner loop */ + /* Re-enter the inner loop at the skipto rule. */ f = chain->map[f_pos]; l = f->cmd_len; cmd = f->cmd; match = 1; cmdlen = 0; skip_or = 0; - break; + continue; + break; /* not reached */ case O_REJECT: /*
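Review bot: The new comment above `f = chain->map[f_pos];` says where execution resumes but not why the exit has to be `continue` rather than `break`, and that reason is the entire fix. Please record it in the code, not only in the log: for example, that `continue` skips the end-of-loop "match" processing, which would otherwise be applied to the first opcode of the target rule and pass over it when that opcode carries F_NOT. Without that, a later cleanup could turn the `continue; break; /* not reached */` pair back into a plain `break` and reintroduce the mis-evaluation of the skipto target. The trailing `break; /* not reached */` is dead code; keeping it is defensible as a guard for the `case O_REJECT:` that follows, but a comment-only marker would avoid unreachable-code warnings. Since the failure is a firewall rule being evaluated incorrectly, a regression test with a skipto whose target rule begins with a negated option, as in the PR, would be worth adding with this merge.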