diff options
| author |   deraadt <deraadt@openbsd.org> | 2004-12-06 02:41:43 +0000 |
|---|---|---|
| committer | deraadt <deraadt@openbsd.org> | 2004-12-06 02:41:43 +0000 |
| commit | ba5fdea6253f57d5c2483336269f7a334b50b687 (patch) | |
| tree | 91a65fd407a2e8abe499824109df31671e4076ab | |
| parent | Pass the proper type for the third argument to cvs_sendreq() (diff) | |
| download | wireguard-openbsd-ba5fdea6253f57d5c2483336269f7a334b50b687.tar.xz wireguard-openbsd-ba5fdea6253f57d5c2483336269f7a334b50b687.zip | |
ipsec udpencap check was done after baddynamicports ports checks (those
tables only map from 512 to 1023 using bitmaps, sorry); ok hshoexer
| -rw-r--r-- | sys/netinet/in_pcb.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c index ce0e12f31b4..da7458a4426 100644 --- a/sys/netinet/in_pcb.c +++ b/sys/netinet/in_pcb.c @@ -1,4 +1,4 @@ -/* $OpenBSD: in_pcb.c,v 1.81 2004/11/23 15:35:36 markus Exp $ */ +/* $OpenBSD: in_pcb.c,v 1.82 2004/12/06 02:41:43 deraadt Exp $ */ /* $NetBSD: in_pcb.c,v 1.25 1996/02/13 23:41:53 christos Exp $ */ /* @@ -155,17 +155,19 @@ in_baddynamic(port, proto) u_int16_t proto; { - if (port < IPPORT_RESERVED/2 || port >= IPPORT_RESERVED) - return (0); switch (proto) { case IPPROTO_TCP: + if (port < IPPORT_RESERVED/2 || port >= IPPORT_RESERVED) + return (0); return (DP_ISSET(baddynamicports.tcp, port)); case IPPROTO_UDP: #ifdef IPSEC if (port == udpencap_port) return (1); #endif + if (port < IPPORT_RESERVED/2 || port >= IPPORT_RESERVED) + return (0); return (DP_ISSET(baddynamicports.udp, port)); default: return (0); |