ipfw

Oleg Bulyzhin Mon, 15 Aug 2016 06:06:59 -0700

Author: oleg
Date: Mon Aug 15 13:06:29 2016
New Revision: 304154
URL: https://svnweb.freebsd.org/changeset/base/304154


Log:
  Fix command: ipfw set (enable|disable) N (where N > 4).
  enable_sets() expects set bitmasks, not set numbers.
  
  MFC after:    3 days

Modified:
  head/sys/netpfil/ipfw/ip_fw_sockopt.c

Modified: head/sys/netpfil/ipfw/ip_fw_sockopt.c
==============================================================================
--- head/sys/netpfil/ipfw/ip_fw_sockopt.c       Mon Aug 15 12:56:45 2016        
(r304153)
+++ head/sys/netpfil/ipfw/ip_fw_sockopt.c       Mon Aug 15 13:06:29 2016        
(r304154)
@@ -1420,8 +1420,10 @@ manage_sets(struct ip_fw_chain *chain, i
 
        if (rh->range.head.length != sizeof(ipfw_range_tlv))
                return (1);
-       if (rh->range.set >= IPFW_MAX_SETS ||
-           rh->range.new_set >= IPFW_MAX_SETS)
+       /* enable_sets() expects bitmasks. */
+       if (op3->opcode != IP_FW_SET_ENABLE &&
+           (rh->range.set >= IPFW_MAX_SETS ||
+           rh->range.new_set >= IPFW_MAX_SETS))
                return (EINVAL);
 
        ret = 0;
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"

svn commit: r304154 - head/sys/netpfil/ipfw

Reply via email to