Date:      Tue, 29 Jun 1999 06:44:07 +1000
From:      peter.jeremy@alcatel.com.au
To:        FreeBSD-gnats-submit@FreeBSD.ORG
Subject:   bin/12437: Off-by-1 error and incorrect man page for /usr/sbin/ppp
Message-ID:  <99Jun29.074108est.40325@border.alcanet.com.au>


>Number:         12437
>Category:       bin
>Synopsis:       Off-by-1 error and incorrect man page for /usr/sbin/ppp
>Confidential:   yes
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jun 28 15:00:02 PDT 1999
>Closed-Date:
>Last-Modified:
>Originator:     Peter Jeremy
>Release:        FreeBSD 4.0-CURRENT i386
>Organization:
Alcatel Australia Limited
>Environment:

	-current as of cvs-cur 5429

>Description:

	1) When a `filter' entry is validated, the filter number is
	   range-checked in filter.c:Parse().  Currently, the check
	   allows filter numbers 0 through MAXFILTERS (40) inclusive,
	   although the actual array is MAXFILTERS long.

	2) The man page states that the filter number should be
	   between 0 and 19 (though it later states 40 filters are
	   allowed).  The 19 should be 39 to match the (corrected) code.

	3) The man page does not document the `clear' option, which
	   allows a specific filter number to be deleted.

>How-To-Repeat:

	The problems were all found via code inspection; however, the
	first problem should show up by using a configuration file
	entry along the lines of
	  set filter in 40 permit 193.21.10.30/31 139.188.0.0/16
	which should be rejected.

>Fix:
	
Index: filter.c
===================================================================
RCS file: /home/CVSROOT/./src/usr.sbin/ppp/filter.c,v
retrieving revision 1.30
diff -u -r1.30 filter.c
--- filter.c	1999/06/23 16:48:21	1.30
+++ filter.c	1999/06/28 14:56:41
@@ -306,7 +306,7 @@
   struct filterent filterdata;
 
   val = strtol(*argv, &wp, 0);
-  if (*argv == wp || val > MAXFILTERS) {
+  if (*argv == wp || val >= MAXFILTERS) {
     log_Printf(LogWARN, "Parse: invalid filter number.\n");
     return (0);
   }
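Review bot: the corrected condition `val >= MAXFILTERS` still has no lower bound, so a negative number returned by `strtol()` passes this check; if `val` is then used to index the MAXFILTERS-long array the report describes, that is an out-of-range access below the array instead of above it. Suggest `if (*argv == wp || val < 0 || val >= MAXFILTERS)`. The same condition does not examine `*wp`, so a number followed by trailing characters is also accepted here; worth rejecting or at least documenting.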
Index: ppp.8
===================================================================
RCS file: /home/CVSROOT/./src/usr.sbin/ppp/ppp.8,v
retrieving revision 1.177
diff -u -r1.177 ppp.8
--- ppp.8	1999/06/23 16:48:24	1.177
+++ ppp.8	1999/06/28 14:56:42
@@ -1424,7 +1424,7 @@
 is a numeric value between
 .Sq 0
 and
-.Sq 19
+.Sq 39
 specifying the rule number.  Rules are specified in numeric order according to
 .Ar rule-no ,
 but only if rule
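Review bot: the `.Sq 39` line hard-codes MAXFILTERS - 1 in the manual, and the report shows the manual has already disagreed with the code once (`19` here, 40 filters stated later on the same page). Suggest a comment beside the `MAXFILTERS` definition, or a roff comment at this spot, noting that the two must be changed together, and checking that the later "40 filters" statement reads consistently with "0 to 39".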
@@ -1438,6 +1438,10 @@
 .Sq deny .
 If a given packet
 matches the rule, the associated action is taken immediately.
+.Ar Action
+can also be specified as
+.Sq clear
+to clear the action associated with that particular rule.
 .It
 .Op Ar src_addr Ns Op / Ns Ar width
 and
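Review bot: the added sentence says `clear` will "clear the action associated with that particular rule", while the report describes the option as deleting a specific filter number. The wording should state that the rule itself is removed, so a reader does not expect the rule's addresses to remain in place with no action attached.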


>Release-Note:
>Audit-Trail:
>Unformatted:
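
Added example, not part of the original report or of the ppp source: the range check before and after the patch, reduced to the one condition visible in the diff, beside a stricter hypothetical parser that also rejects negative numbers, trailing characters and overflow. `MAXFILTERS` is 40 as stated in the report; all function names here are made up for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define MAXFILTERS 40   /* array length given in the report */

/* Condition before the patch: accepts 0..MAXFILTERS inclusive. */
static int old_check_accepts(const char *arg)
{
    char *wp;
    long val = strtol(arg, &wp, 0);
    return !(arg == wp || val > MAXFILTERS);
}

/* Condition after the patch: upper bound fixed, no lower bound. */
static int patched_check_accepts(const char *arg)
{
    char *wp;
    long val = strtol(arg, &wp, 0);
    return !(arg == wp || val >= MAXFILTERS);
}

/* Hypothetical stricter parser: returns 0..MAXFILTERS-1, or -1 if invalid. */
static int parse_filter_index(const char *arg)
{
    char *end;
    long val;

    errno = 0;
    val = strtol(arg, &end, 0);          /* base 0: decimal, octal or hex */
    if (end == arg || *end != '\0')      /* no digits, or trailing junk */
        return -1;
    if (errno == ERANGE)                 /* value did not fit in a long */
        return -1;
    if (val < 0 || val >= MAXFILTERS)    /* both ends of the array */
        return -1;
    return (int)val;
}

int main(void)
{
    /* Constructed sample inputs, including the "40" from the report. */
    const char *in[] = { "0", "39", "40", "-1", "12abc", "" };
    for (size_t i = 0; i < sizeof in / sizeof in[0]; i++)
        printf("%-6s old=%d patched=%d strict=%d\n", in[i],
               old_check_accepts(in[i]), patched_check_accepts(in[i]),
               parse_filter_index(in[i]));
    return 0;
}
```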

