From 078156d09d68fd3e443af4b9fcd563e033402ebb Mon Sep 17 00:00:00 2001 From: Luigi Rizzo Date: Mon, 24 Sep 2001 05:24:19 +0000 Subject: [PATCH] Fix a null pointer dereference introduced in the last commit, plus remove a useless assignment and move a comment. Submitted by: Thomas Moestl --- sys/netinet/ip_fw.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/sys/netinet/ip_fw.c b/sys/netinet/ip_fw.c index 81219dad7a8..1be4bf53d6b 100644 --- a/sys/netinet/ip_fw.c +++ b/sys/netinet/ip_fw.c @@ -1084,14 +1084,12 @@ ip_fw_chk(struct ip **pip, int hlen, last_pkt.flags = flags; if (*flow_id) { - /* Accept if passed first test */ - if (fw_one_pass) - return 0; /* * Packet has already been tagged. Look for the next rule * to restart processing. */ - chain = LIST_NEXT(*flow_id, next); + if (fw_one_pass) /* just accept if fw_one_pass is set */ + return 0; if ((chain = (*flow_id)->rule->next_rule_ptr) == NULL) chain = (*flow_id)->rule->next_rule_ptr = @@ -1416,8 +1414,8 @@ got_match: return(f->fw_divert_port | IP_FW_PORT_TEE_FLAG); #endif case IP_FW_F_SKIPTO: /* XXX check */ - if ( (chain = f->next_rule_ptr) == NULL ) - chain = lookup_next_rule(chain) ; + chain = f->next_rule_ptr ? f->next_rule_ptr : + lookup_next_rule(chain) ; if (! chain) goto dropit; goto again ;