summaryrefslogtreecommitdiff
path: root/sys
diff options
context:
space:
mode:
authorHenning Brauer <henning@cvs.openbsd.org>2005-05-23 20:47:03 +0000
committerHenning Brauer <henning@cvs.openbsd.org>2005-05-23 20:47:03 +0000
commite83afbbd53aaddd2c6129d17f61ae230ee9f36a1 (patch)
treedd0ac9221167d99ab4a0835c28d57762087e49f9 /sys
parent33fb629c21c3cc2a4a3c61865206cdbf3ec102d5 (diff)
don't deny access to "special" tables in get_addrs
with this, when you know their name you can list their contents with pfctl ok ryan
Diffstat (limited to 'sys')
-rw-r--r--sys/net/pf_table.c5
1 files changed, 2 insertions, 3 deletions
diff --git a/sys/net/pf_table.c b/sys/net/pf_table.c
index 621809a3b0e..f456dc9e1c4 100644
--- a/sys/net/pf_table.c
+++ b/sys/net/pf_table.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_table.c,v 1.62 2004/12/07 18:02:04 mcbride Exp $ */
+/* $OpenBSD: pf_table.c,v 1.63 2005/05/23 20:47:02 henning Exp $ */
/*
* Copyright (c) 2002 Cedric Berger
@@ -560,11 +560,10 @@ pfr_get_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int *size,
struct pfr_walktree w;
int rv;
- ACCEPT_FLAGS(0);
if (pfr_validate_table(tbl, 0, 0))
return (EINVAL);
kt = pfr_lookup_table(tbl);
- if (kt == NULL || !(kt->pfrkt_flags & PFR_TFLAG_ACTIVE))
+ if (kt == NULL)
return (ESRCH);
if (kt->pfrkt_cnt > *size) {
*size = kt->pfrkt_cnt;