From owner-freebsd-bugs@FreeBSD.ORG Mon Apr 14 08:10:14 2003 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6358A37B401 for ; Mon, 14 Apr 2003 08:10:14 -0700 (PDT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id B63E843F85 for ; Mon, 14 Apr 2003 08:10:11 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.9/8.12.9) with ESMTP id h3EFABUp094878 for ; Mon, 14 Apr 2003 08:10:11 -0700 (PDT) (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.9/8.12.9/Submit) id h3EFABQs094877; Mon, 14 Apr 2003 08:10:11 -0700 (PDT) Resent-Date: Mon, 14 Apr 2003 08:10:11 -0700 (PDT) Resent-Message-Id: <200304141510.h3EFABQs094877@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Rene de Vries Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3E8B937B401; Mon, 14 Apr 2003 08:02:26 -0700 (PDT) Received: from bastix.tunix.nl (bastix.tunix.nl [193.79.201.39]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7B79143F93; Mon, 14 Apr 2003 08:02:24 -0700 (PDT) (envelope-from rene@tunix.nl) Received: (from root@localhost) by bastix.tunix.nl (8.9.3c/8.6.12) id RAA29522; Mon, 14 Apr 2003 17:02:35 +0200 (CEST) Received: by bastix.tunix.nl (TUNIX txp2/smap) id sma027966; Mon, 14 Apr 03 17:01:29 +0200 Received: from upsilix.tunix.nl (upsilix.tunix.nl [172.16.2.22]) by fix.tunix.nl (8.10.2+Sun/8.10.2) with ESMTP id h3EF1H928703; Mon, 14 Apr 2003 17:01:17 +0200 (MEST) Received: from upsilix.tunix.nl (localhost.tunix.nl [127.0.0.1]) by upsilix.tunix.nl (8.12.6/8.12.6) with ESMTP id h3EF1Dc5072689; Mon, 14 Apr 2003 17:01:13 +0200 (CEST) (envelope-from rene@upsilix.tunix.nl) Received: (from rene@localhost) by upsilix.tunix.nl (8.12.6/8.12.6/Submit) id h3EF1CsF072688; Mon, 14 Apr 2003 17:01:12 +0200 (CEST) (envelope-from rene) Message-Id: <200304141501.h3EF1CsF072688@upsilix.tunix.nl> Date: Mon, 14 Apr 2003 17:01:12 +0200 (CEST) From: Rene de Vries To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 cc: darrenr@FreeBSD.org Subject: kern/50947: BUG: port eq 25 does not work anymore (port = 25 does) X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Rene de Vries List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Apr 2003 15:10:14 -0000 >Number: 50947 >Category: kern >Synopsis: BUG: port eq 25 does not work anymore (port = 25 does) >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon Apr 14 08:10:11 PDT 2003 >Closed-Date: >Last-Modified: >Originator: Rene de Vries >Release: FreeBSD 4.7-RELEASE-p3 i386/FreeBSD 5.0-20030401 i386 >Organization: Tunix Internet Security & Training >Environment: FreeBSD 4.7/5.0, IPFilter 3.4.29/3.4.31 >Description: Change the order in which keywords are checked. The "isalnum" function also matches "eq", "ne", etc, so these are always found to be symbolic port names. When reversed, so first check "eq", "ne", etc these compares can still be used. >How-To-Repeat: block in quick from any to any port eq 25 >Fix: Diff against FreeBSD 5 (current as of 1 Apr 2003) Index: contrib/ipfilter/common.c =================================================================== RCS file: /home/fbsd-cvsrepo/src/contrib/ipfilter/common.c,v retrieving revision 1.1.1.6 diff -u -r1.1.1.6 common.c --- contrib/ipfilter/common.c 15 Feb 2003 06:27:40 -0000 1.1.1.6 +++ contrib/ipfilter/common.c 1 Apr 2003 11:31:03 -0000 @@ -263,7 +263,19 @@ return 0; if (!strcasecmp(**seg, "port") && *(*seg + 1) && *(*seg + 2)) { (*seg)++; - if (isalnum(***seg) && *(*seg + 2)) { + if (!strcmp(**seg, "=") || !strcasecmp(**seg, "eq")) + comp = FR_EQUAL; + else if (!strcmp(**seg, "!=") || !strcasecmp(**seg, "ne")) + comp = FR_NEQUAL; + else if (!strcmp(**seg, "<") || !strcasecmp(**seg, "lt")) + comp = FR_LESST; + else if (!strcmp(**seg, ">") || !strcasecmp(**seg, "gt")) + comp = FR_GREATERT; + else if (!strcmp(**seg, "<=") || !strcasecmp(**seg, "le")) + comp = FR_LESSTE; + else if (!strcmp(**seg, ">=") || !strcasecmp(**seg, "ge")) + comp = FR_GREATERTE; + else if (isalnum(***seg) && *(*seg + 2)) { if (portnum(**seg, pp, linenum) == 0) return -1; (*seg)++; @@ -285,19 +297,7 @@ } if (portnum(**seg, tp, linenum) == 0) return -1; - } else if (!strcmp(**seg, "=") || !strcasecmp(**seg, "eq")) - comp = FR_EQUAL; - else if (!strcmp(**seg, "!=") || !strcasecmp(**seg, "ne")) - comp = FR_NEQUAL; - else if (!strcmp(**seg, "<") || !strcasecmp(**seg, "lt")) - comp = FR_LESST; - else if (!strcmp(**seg, ">") || !strcasecmp(**seg, "gt")) - comp = FR_GREATERT; - else if (!strcmp(**seg, "<=") || !strcasecmp(**seg, "le")) - comp = FR_LESSTE; - else if (!strcmp(**seg, ">=") || !strcasecmp(**seg, "ge")) - comp = FR_GREATERTE; - else { + } else { fprintf(stderr, "%d: unknown comparator (%s)\n", linenum, **seg); return -1; >Release-Note: >Audit-Trail: >Unformatted: