diff options
| author | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2009-05-18 20:37:14 +0000 |
|---|---|---|
| committer | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2009-05-18 20:37:14 +0000 |
| commit | 24d31a5aef766e9feb1e419c01f3ce0cb1fce839 (patch) | |
| tree | c2e1d737c23f816292ee3db30386558a7376d3ef /sys/netinet/ip_input.c | |
| parent | a86f52df1b164dce52103854d9c0f6dcc01308e0 (diff) | |
The routing table index rtableid has type unsigned int in the routing
code. In pf rtableid == -1 means don't change the rtableid because
of this rule. So it has to be signed int there. Before the value
is passed from pf to route it is always checked to be >= 0. Change
the type to int in pf and to u_int in netinet and netinet6 to make
the checks work. Otherwise -1 may be used as an array index and
the kernel crashes.
ok henning@
Diffstat (limited to 'sys/netinet/ip_input.c')
| -rw-r--r-- | sys/netinet/ip_input.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index 1e2d4792ef9..918b7516b4c 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_input.c,v 1.161 2008/12/24 07:41:59 dlg Exp $ */ +/* $OpenBSD: ip_input.c,v 1.162 2009/05/18 20:37:13 bluhm Exp $ */ /* $NetBSD: ip_input.c,v 1.30 1996/03/16 23:53:58 christos Exp $ */ /* @@ -222,7 +222,7 @@ ip_init() struct sockaddr_in ipaddr = { sizeof(ipaddr), AF_INET }; struct route ipforward_rt; -int ipforward_rtableid; +u_int ipforward_rtableid; void ipintr() @@ -1400,7 +1400,8 @@ ip_forward(m, srcrt) struct ip *ip = mtod(m, struct ip *); struct sockaddr_in *sin; struct rtentry *rt; - int error, type = 0, code = 0, destmtu = 0, rtableid = 0; + int error, type = 0, code = 0, destmtu = 0; + u_int rtableid = 0; struct mbuf *mcopy; n_long dest; |