diff options
| author | Mike Belopuhov <mikeb@cvs.openbsd.org> | 2013-02-26 14:56:06 +0000 |
|---|---|---|
| committer | Mike Belopuhov <mikeb@cvs.openbsd.org> | 2013-02-26 14:56:06 +0000 |
| commit | c07ee48d58400396f4756a3a842e375f8b0189c2 (patch) | |
| tree | 53077f7ff640745c5a90cffa1dfb890d8ad3c74d /sys/net | |
| parent | c91582606ce65934f50d66dddf285e5f00b32ff0 (diff) | |
Don't try to purge one-time rules from the main ruleset.
Reported by Wesley M.A. on misc@, ok deraadt
Diffstat (limited to 'sys/net')
| -rw-r--r-- | sys/net/pf_ioctl.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c index 426d8eaac01..e8d8b34dc6e 100644 --- a/sys/net/pf_ioctl.c +++ b/sys/net/pf_ioctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_ioctl.c,v 1.256 2012/10/30 12:09:05 florian Exp $ */ +/* $OpenBSD: pf_ioctl.c,v 1.257 2013/02/26 14:56:05 mikeb Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -325,6 +325,9 @@ pf_purge_rule(struct pf_ruleset *ruleset, struct pf_rule *rule) { u_int32_t nr; + if (ruleset == NULL || ruleset->anchor == NULL) + return; + pf_rm_rule(ruleset->rules.active.ptr, rule); ruleset->rules.active.rcount--; |