3869 tcp anon port calculation wrong

Reviewed by: Dan McDonald <danmcd@nexenta.com>
Reviewed by: Robert Mustacchi <rm@joyent.com>
Reviewed by: Marcel Telka <marcel@telka.sk>
Approved by: Gordon Ross <gwr@nexenta.com>

2 files changed, 6 insertions, 2 deletions

diff --git a/usr/src/uts/common/inet/tcp/tcp_bind.c b/usr/src/uts/common/inet/tcp/tcp_bind.c
index 058b1960dc..83a517e20c 100644
--- a/usr/src/uts/common/inet/tcp/tcp_bind.c
+++ b/usr/src/uts/common/inet/tcp/tcp_bind.c
@@ -21,6 +21,7 @@
 
 /*
  * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright 2013, Nexenta Systems, Inc. All rights reserved.
  */
 
 #include <sys/types.h>
@@ -227,7 +228,8 @@ tcp_update_next_port(in_port_t port, const tcp_t *tcp, boolean_t random)
 		 * port to get the random port.  It should fall into the
 		 * valid anon port range.
 		 */
-		if (port < tcps->tcps_smallest_anon_port) {
+		if ((port < tcps->tcps_smallest_anon_port) ||
+		    (port > tcps->tcps_largest_anon_port)) {
 			port = tcps->tcps_smallest_anon_port +
 			    port % (tcps->tcps_largest_anon_port -
 			    tcps->tcps_smallest_anon_port);
diff --git a/usr/src/uts/common/inet/udp/udp.c b/usr/src/uts/common/inet/udp/udp.c
index 3bdcd67481..7e501323d3 100644
--- a/usr/src/uts/common/inet/udp/udp.c
+++ b/usr/src/uts/common/inet/udp/udp.c
@@ -20,6 +20,7 @@
  */
 /*
  * Copyright (c) 1991, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright 2013, Nexenta Systems, Inc. All rights reserved.
  */
 /* Copyright (c) 1990 Mentat Inc. */
 
@@ -2538,7 +2539,8 @@ udp_update_next_port(udp_t *udp, in_port_t port, boolean_t random)
 		 * port to get the random port.  It should fall into the
 		 * valid anon port range.
 		 */
-		if (port < us->us_smallest_anon_port) {
+		if ((port < us->us_smallest_anon_port) ||
+		    (port > us->us_largest_anon_port)) {
 			port = us->us_smallest_anon_port +
 			    port % (us->us_largest_anon_port -
 			    us->us_smallest_anon_port);