diff options
author | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2007-02-03 23:26:41 +0000 |
---|---|---|
committer | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2007-02-03 23:26:41 +0000 |
commit | 4483f3cbf5e2083ba7db2b9ae8e3e09a11326b53 (patch) | |
tree | 366e9e9d690067fce849ce58f39df45e83e8a5c7 | |
parent | 2303d1c060738889a43617a5592a8fd05b8aba1d (diff) |
in decide_address_family(), only limit a rule to a specific address family
when ALL entries have this specific AF (when even just one entry has no
specific AF, use any). found by Maurice Janssen, ok henning@
-rw-r--r-- | sbin/pfctl/parse.y | 20 |
1 files changed, 8 insertions, 12 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y index 5d1daccf9c6..ef5d77b6ec4 100644 --- a/sbin/pfctl/parse.y +++ b/sbin/pfctl/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.516 2006/11/07 01:12:01 mcbride Exp $ */ +/* $OpenBSD: parse.y,v 1.517 2007/02/03 23:26:40 dhartmei Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -5323,19 +5323,15 @@ mv_rules(struct pf_ruleset *src, struct pf_ruleset *dst) void decide_address_family(struct node_host *n, sa_family_t *af) { - sa_family_t target_af = 0; - - while (!*af && n != NULL) { - if (n->af) { - if (target_af == 0) - target_af = n->af; - if (target_af != n->af) - return; + if (*af != 0 || n == NULL) + return; + *af = n->af; + while ((n = n->next) != NULL) { + if (n->af != *af) { + *af = 0; + return; } - n = n->next; } - if (!*af && target_af) - *af = target_af; } void |