From owner-dev-commits-src-main@freebsd.org Sat May 8 20:53:08 2021 Return-Path: Delivered-To: dev-commits-src-main@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 6B34763F7A7; Sat, 8 May 2021 20:53:08 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Fczzm2f5dz3lBb; Sat, 8 May 2021 20:53:08 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4DB052565A; Sat, 8 May 2021 20:53:08 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 148Kr8so079053; Sat, 8 May 2021 20:53:08 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 148Kr8j9079052; Sat, 8 May 2021 20:53:08 GMT (envelope-from git) Date: Sat, 8 May 2021 20:53:08 GMT Message-Id: <202105082053.148Kr8j9079052@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Lutz Donnerhacke Subject: git: 6cb13813caa0 - main - sbin/ipfw: Fix parsing error in table based forward MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: donner X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 6cb13813caa09305046e0cecad8bba3ae2287b0d Auto-Submitted: auto-generated X-BeenThere: dev-commits-src-main@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Commit messages for the main branch of the src repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 08 May 2021 20:53:08 -0000 The branch main has been updated by donner: URL: https://cgit.FreeBSD.org/src/commit/?id=6cb13813caa09305046e0cecad8bba3ae2287b0d commit 6cb13813caa09305046e0cecad8bba3ae2287b0d Author: Lutz Donnerhacke AuthorDate: 2021-05-07 18:59:34 +0000 Commit: Lutz Donnerhacke CommitDate: 2021-05-08 20:52:17 +0000 sbin/ipfw: Fix parsing error in table based forward The argument parser does not recognise the optional port for an "tablearg" argument. Fix simplifies the code by make the internal representation expicit for the parser. PR: 252744 MFC: 1 week Reported by: Approved by: nc Tested by: Differential Revision: https://reviews.freebsd.org/D30164 --- sbin/ipfw/ipfw2.c | 87 +++++++++++++++++++++++++++---------------------------- 1 file changed, 42 insertions(+), 45 deletions(-) diff --git a/sbin/ipfw/ipfw2.c b/sbin/ipfw/ipfw2.c index c17fbbca7dfa..498da22e6599 100644 --- a/sbin/ipfw/ipfw2.c +++ b/sbin/ipfw/ipfw2.c @@ -4021,57 +4021,54 @@ chkarg: NEED1("missing forward address[:port]"); - if (_substrcmp(*av, "tablearg") == 0) { - family = PF_INET; - ((struct sockaddr_in*)&result)->sin_addr.s_addr = - INADDR_ANY; - } else { - /* - * Are we an bracket-enclosed IPv6 address? - */ - if (strchr(*av, '[')) - (*av)++; + if (strncmp(*av, "tablearg", 8) == 0) + memcpy(++(*av), "0.0.0.0", 7); - /* - * locate the address-port separator (':' or ',') - */ - s = strchr(*av, ','); - if (s == NULL) { - s = strchr(*av, ']'); - /* Prevent erroneous parsing on brackets. */ - if (s != NULL) - *(s++) = '\0'; - else - s = *av; - - /* Distinguish between IPv4:port and IPv6 cases. */ - s = strchr(s, ':'); - if (s && strchr(s+1, ':')) - s = NULL; /* no port */ - } + /* + * Are we an bracket-enclosed IPv6 address? + */ + if (strchr(*av, '[')) + (*av)++; - if (s != NULL) { - /* Terminate host portion and set s to start of port. */ + /* + * locate the address-port separator (':' or ',') + */ + s = strchr(*av, ','); + if (s == NULL) { + s = strchr(*av, ']'); + /* Prevent erroneous parsing on brackets. */ + if (s != NULL) *(s++) = '\0'; - i = strtoport(s, &end, 0 /* base */, 0 /* proto */); - if (s == end) - errx(EX_DATAERR, - "illegal forwarding port ``%s''", s); - port_number = (u_short)i; - } + else + s = *av; - /* - * Resolve the host name or address to a family and a - * network representation of the address. - */ - if (getaddrinfo(*av, NULL, NULL, &res)) - errx(EX_DATAERR, NULL); - /* Just use the first host in the answer. */ - family = res->ai_family; - memcpy(&result, res->ai_addr, res->ai_addrlen); - freeaddrinfo(res); + /* Distinguish between IPv4:port and IPv6 cases. */ + s = strchr(s, ':'); + if (s && strchr(s+1, ':')) + s = NULL; /* no port */ } + if (s != NULL) { + /* Terminate host portion and set s to start of port. */ + *(s++) = '\0'; + i = strtoport(s, &end, 0 /* base */, 0 /* proto */); + if (s == end) + errx(EX_DATAERR, + "illegal forwarding port ``%s''", s); + port_number = (u_short)i; + } + + /* + * Resolve the host name or address to a family and a + * network representation of the address. + */ + if (getaddrinfo(*av, NULL, NULL, &res)) + errx(EX_DATAERR, NULL); + /* Just use the first host in the answer. */ + family = res->ai_family; + memcpy(&result, res->ai_addr, res->ai_addrlen); + freeaddrinfo(res); + if (family == PF_INET) { ipfw_insn_sa *p = (ipfw_insn_sa *)action;