diff options
| author | Mike Frantzen <frantzen@cvs.openbsd.org> | 2004-12-14 20:16:38 +0000 |
|---|---|---|
| committer | Mike Frantzen <frantzen@cvs.openbsd.org> | 2004-12-14 20:16:38 +0000 |
| commit | 4d9ee37d934f1ef39b5f023e9d0c70df20f9955a (patch) | |
| tree | 027fe6d13d8b6d478c59b5d602431ae5a13828df | |
| parent | be7c3c4eea2b56cf0ae4b7fb64615f703b784c6d (diff) | |
&&/|| inversion would try to merge IP addresses with non-addresses into a
single table causing a ruleset load error and eventually a double-free.
bug report and testing from martin{AT}spamcop net
| -rw-r--r-- | sbin/pfctl/pfctl_optimize.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sbin/pfctl/pfctl_optimize.c b/sbin/pfctl/pfctl_optimize.c index 221d8e7a2e4..2861351b8f0 100644 --- a/sbin/pfctl/pfctl_optimize.c +++ b/sbin/pfctl/pfctl_optimize.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfctl_optimize.c,v 1.3 2004/12/14 17:03:49 frantzen Exp $ */ +/* $OpenBSD: pfctl_optimize.c,v 1.4 2004/12/14 20:16:37 frantzen Exp $ */ /* * Copyright (c) 2004 Mike Frantzen <frantzen@openbsd.org> @@ -1322,7 +1322,7 @@ addrs_equal(struct pf_rule_addr *a, struct pf_rule_addr *b) int addrs_combineable(struct pf_rule_addr *a, struct pf_rule_addr *b) { - if (a->addr.type != PF_ADDR_ADDRMASK && + if (a->addr.type != PF_ADDR_ADDRMASK || b->addr.type != PF_ADDR_ADDRMASK) return (0); if (a->neg != b->neg || a->port_op != b->port_op || |