Date: Sat, 8 May 2021 20:53:08 GMT From: Lutz Donnerhacke <donner@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: 6cb13813caa0 - main - sbin/ipfw: Fix parsing error in table based forward Message-ID: <202105082053.148Kr8j9079052@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by donner: URL: https://cgit.FreeBSD.org/src/commit/?id=6cb13813caa09305046e0cecad8bba3ae2287b0d commit 6cb13813caa09305046e0cecad8bba3ae2287b0d Author: Lutz Donnerhacke <donner@FreeBSD.org> AuthorDate: 2021-05-07 18:59:34 +0000 Commit: Lutz Donnerhacke <donner@FreeBSD.org> CommitDate: 2021-05-08 20:52:17 +0000 sbin/ipfw: Fix parsing error in table based forward The argument parser does not recognise the optional port for an "tablearg" argument. Fix simplifies the code by make the internal representation expicit for the parser. PR: 252744 MFC: 1 week Reported by: <bugs.freebsd.org@mx.zzux.com> Approved by: nc Tested by: <bugs.freebsd.org@mx.zzux.com> Differential Revision: https://reviews.freebsd.org/D30164 --- sbin/ipfw/ipfw2.c | 87 +++++++++++++++++++++++++++---------------------------- 1 file changed, 42 insertions(+), 45 deletions(-) diff --git a/sbin/ipfw/ipfw2.c b/sbin/ipfw/ipfw2.c index c17fbbca7dfa..498da22e6599 100644 --- a/sbin/ipfw/ipfw2.c +++ b/sbin/ipfw/ipfw2.c @@ -4021,57 +4021,54 @@ chkarg: NEED1("missing forward address[:port]"); - if (_substrcmp(*av, "tablearg") == 0) { - family = PF_INET; - ((struct sockaddr_in*)&result)->sin_addr.s_addr = - INADDR_ANY; - } else { - /* - * Are we an bracket-enclosed IPv6 address? - */ - if (strchr(*av, '[')) - (*av)++; + if (strncmp(*av, "tablearg", 8) == 0) + memcpy(++(*av), "0.0.0.0", 7); - /* - * locate the address-port separator (':' or ',') - */ - s = strchr(*av, ','); - if (s == NULL) { - s = strchr(*av, ']'); - /* Prevent erroneous parsing on brackets. */ - if (s != NULL) - *(s++) = '\0'; - else - s = *av; - - /* Distinguish between IPv4:port and IPv6 cases. */ - s = strchr(s, ':'); - if (s && strchr(s+1, ':')) - s = NULL; /* no port */ - } + /* + * Are we an bracket-enclosed IPv6 address? + */ + if (strchr(*av, '[')) + (*av)++; - if (s != NULL) { - /* Terminate host portion and set s to start of port. */ + /* + * locate the address-port separator (':' or ',') + */ + s = strchr(*av, ','); + if (s == NULL) { + s = strchr(*av, ']'); + /* Prevent erroneous parsing on brackets. */ + if (s != NULL) *(s++) = '\0'; - i = strtoport(s, &end, 0 /* base */, 0 /* proto */); - if (s == end) - errx(EX_DATAERR, - "illegal forwarding port ``%s''", s); - port_number = (u_short)i; - } + else + s = *av; - /* - * Resolve the host name or address to a family and a - * network representation of the address. - */ - if (getaddrinfo(*av, NULL, NULL, &res)) - errx(EX_DATAERR, NULL); - /* Just use the first host in the answer. */ - family = res->ai_family; - memcpy(&result, res->ai_addr, res->ai_addrlen); - freeaddrinfo(res); + /* Distinguish between IPv4:port and IPv6 cases. */ + s = strchr(s, ':'); + if (s && strchr(s+1, ':')) + s = NULL; /* no port */ } + if (s != NULL) { + /* Terminate host portion and set s to start of port. */ + *(s++) = '\0'; + i = strtoport(s, &end, 0 /* base */, 0 /* proto */); + if (s == end) + errx(EX_DATAERR, + "illegal forwarding port ``%s''", s); + port_number = (u_short)i; + } + + /* + * Resolve the host name or address to a family and a + * network representation of the address. + */ + if (getaddrinfo(*av, NULL, NULL, &res)) + errx(EX_DATAERR, NULL); + /* Just use the first host in the answer. */ + family = res->ai_family; + memcpy(&result, res->ai_addr, res->ai_addrlen); + freeaddrinfo(res); + if (family == PF_INET) { ipfw_insn_sa *p = (ipfw_insn_sa *)action;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202105082053.148Kr8j9079052>