From 144ff59af8587a402d834c0527392531468fe2de Mon Sep 17 00:00:00 2001
From: ae <ae@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
Date: Wed, 2 Mar 2016 13:54:43 +0000
Subject: [PATCH] MFC r295969:   Fix bug in filling and handling ipfw's O_DSCP
 opcode.   Due to integer overflow CS4 token was handled as BE.

  PR:		207459


git-svn-id: svn://svn.freebsd.org/base/stable/9@296312 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
---
 sbin/ipfw/ipfw2.c         | 2 +-
 sys/netpfil/ipfw/ip_fw2.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/sbin/ipfw/ipfw2.c b/sbin/ipfw/ipfw2.c
index 4728bd004..c6487a519 100644
--- a/sbin/ipfw/ipfw2.c
+++ b/sbin/ipfw/ipfw2.c
@@ -779,7 +779,7 @@ fill_dscp(ipfw_insn *cmd, char *av, int cblen)
 				errx(EX_DATAERR, "Invalid DSCP value");
 		}
 
-		if (code > 32)
+		if (code >= 32)
 			*high |= 1 << (code - 32);
 		else
 			*low |= 1 << code;
diff --git a/sys/netpfil/ipfw/ip_fw2.c b/sys/netpfil/ipfw/ip_fw2.c
index 6a7dc08c1..4642f690b 100644
--- a/sys/netpfil/ipfw/ip_fw2.c
+++ b/sys/netpfil/ipfw/ip_fw2.c
@@ -1679,7 +1679,7 @@ do {								\
 					break;
 
 				/* DSCP bitmask is stored as low_u32 high_u32 */
-				if (x > 32)
+				if (x >= 32)
 					match = *(p + 1) & (1 << (x - 32));
 				else
 					match = *p & (1 << x);
-- 
2.45.0