cvs commit: src/sys/netinet ip_fw2.c
Max Laier
mlaier at FreeBSD.org
Sun Jun 12 16:27:10 GMT 2005
mlaier 2005-06-12 16:27:10 UTC
FreeBSD src repository
Modified files:
sys/netinet ip_fw2.c
Log:
When doing matching based on dst_ip/src_ip make sure we are really looking
on an IPv4 packet as these variables are uninitialized if not. This used to
allow arbitrary IPv6 packets depending on the value in the uninitialized
variables.
Some opcodes (most noteably O_REJECT) do not support IPv6 at all right now.
Reviewed by: brooks, glebius
Security: IPFW might pass IPv6 packets depending on stack contents.
Approved by: re (blanket)
Revision Changes Path
1.102 +13 -10 src/sys/netinet/ip_fw2.c
More information about the cvs-src
mailing list