Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 8 May 2021 20:53:08 GMT
From:      Lutz Donnerhacke <donner@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: 6cb13813caa0 - main - sbin/ipfw: Fix parsing error in table based forward
Message-ID:  <202105082053.148Kr8j9079052@gitrepo.freebsd.org>

next in thread | raw e-mail | index | archive | help
The branch main has been updated by donner:

URL: https://cgit.FreeBSD.org/src/commit/?id=6cb13813caa09305046e0cecad8bba3ae2287b0d

commit 6cb13813caa09305046e0cecad8bba3ae2287b0d
Author:     Lutz Donnerhacke <donner@FreeBSD.org>
AuthorDate: 2021-05-07 18:59:34 +0000
Commit:     Lutz Donnerhacke <donner@FreeBSD.org>
CommitDate: 2021-05-08 20:52:17 +0000

    sbin/ipfw: Fix parsing error in table based forward
    
    The argument parser does not recognise the optional port for an
    "tablearg" argument.  Fix simplifies the code by make the internal
    representation expicit for the parser.
    
    PR:             252744
    MFC:            1 week
    Reported by:    <bugs.freebsd.org@mx.zzux.com>
    Approved by:    nc
    Tested by:      <bugs.freebsd.org@mx.zzux.com>
    Differential Revision: https://reviews.freebsd.org/D30164
---
 sbin/ipfw/ipfw2.c | 87 +++++++++++++++++++++++++++----------------------------
 1 file changed, 42 insertions(+), 45 deletions(-)

diff --git a/sbin/ipfw/ipfw2.c b/sbin/ipfw/ipfw2.c
index c17fbbca7dfa..498da22e6599 100644
--- a/sbin/ipfw/ipfw2.c
+++ b/sbin/ipfw/ipfw2.c
@@ -4021,57 +4021,54 @@ chkarg:
 
 		NEED1("missing forward address[:port]");
 
-		if (_substrcmp(*av, "tablearg") == 0) {
-			family = PF_INET;
-			((struct sockaddr_in*)&result)->sin_addr.s_addr =
-			    INADDR_ANY;
-		} else {
-			/*
-			 * Are we an bracket-enclosed IPv6 address?
-			 */
-			if (strchr(*av, '['))
-				(*av)++;
+		if (strncmp(*av, "tablearg", 8) == 0)
+			memcpy(++(*av), "0.0.0.0", 7);
 
-			/*
-			 * locate the address-port separator (':' or ',')
-			 */
-			s = strchr(*av, ',');
-			if (s == NULL) {
-				s = strchr(*av, ']');
-				/* Prevent erroneous parsing on brackets. */
-				if (s != NULL)
-					*(s++) = '\0';
-				else
-					s = *av;
-
-				/* Distinguish between IPv4:port and IPv6 cases. */
-				s = strchr(s, ':');
-				if (s && strchr(s+1, ':'))
-					s = NULL; /* no port */
-			}
+		/*
+		 * Are we an bracket-enclosed IPv6 address?
+		 */
+		if (strchr(*av, '['))
+			(*av)++;
 
-			if (s != NULL) {
-				/* Terminate host portion and set s to start of port. */
+		/*
+		 * locate the address-port separator (':' or ',')
+		 */
+		s = strchr(*av, ',');
+		if (s == NULL) {
+			s = strchr(*av, ']');
+			/* Prevent erroneous parsing on brackets. */
+			if (s != NULL)
 				*(s++) = '\0';
-				i = strtoport(s, &end, 0 /* base */, 0 /* proto */);
-				if (s == end)
-					errx(EX_DATAERR,
-					    "illegal forwarding port ``%s''", s);
-				port_number = (u_short)i;
-			}
+			else
+				s = *av;
 
-			/*
-			 * Resolve the host name or address to a family and a
-			 * network representation of the address.
-			 */
-			if (getaddrinfo(*av, NULL, NULL, &res))
-				errx(EX_DATAERR, NULL);
-			/* Just use the first host in the answer. */
-			family = res->ai_family;
-			memcpy(&result, res->ai_addr, res->ai_addrlen);
-			freeaddrinfo(res);
+			/* Distinguish between IPv4:port and IPv6 cases. */
+			s = strchr(s, ':');
+			if (s && strchr(s+1, ':'))
+				s = NULL; /* no port */
 		}
 
+		if (s != NULL) {
+			/* Terminate host portion and set s to start of port. */
+			*(s++) = '\0';
+			i = strtoport(s, &end, 0 /* base */, 0 /* proto */);
+			if (s == end)
+				errx(EX_DATAERR,
+				    "illegal forwarding port ``%s''", s);
+			port_number = (u_short)i;
+		}
+
+		/*
+		 * Resolve the host name or address to a family and a
+		 * network representation of the address.
+		 */
+		if (getaddrinfo(*av, NULL, NULL, &res))
+			errx(EX_DATAERR, NULL);
+		/* Just use the first host in the answer. */
+		family = res->ai_family;
+		memcpy(&result, res->ai_addr, res->ai_addrlen);
+		freeaddrinfo(res);
+
  		if (family == PF_INET) {
 			ipfw_insn_sa *p = (ipfw_insn_sa *)action;
 



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202105082053.148Kr8j9079052>