From: "Andrey V. Elsukov"
To: freebsd-ipfw@FreeBSD.org
Subject: Re: bin/80913: [patch] /sbin/ipfw2 silently discards MAC addr arg with improper characters
Date: Thu, 3 May 2007 04:40:14 GMT
Message-Id: <200705030440.l434eEL9069828@freefall.freebsd.org>
List-Id: IPFW Technical Discussions

The following reply was made to PR bin/80913; it has been noted by GNATS.

From: "Andrey V. Elsukov"
To: bug-followup@FreeBSD.org, gfb@vta.com, Maxim Konovalov
Subject: Re: bin/80913: [patch] /sbin/ipfw2 silently discards MAC addr arg with improper characters
Date: Thu, 03 May 2007 08:36:27 +0400

Hi, can you test the following patch?

-- 
WBR, Andrey V. Elsukov

--- src/sbin/ipfw/ipfw2.c Wed Apr 18 18:03:08 2007 +++ src/sbin/ipfw/ipfw2.c Wed May 2 20:05:20 2007 @@ -47,6 +47,7 @@ #include #include +#include #include #include #include
@@ -4374,36 +4375,51 @@ } static void -get_mac_addr_mask(char *p, uint8_t *addr, uint8_t *mask) +get_mac_addr_mask(const char *p, uint8_t *addr, uint8_t *mask) { int i, l; + char *ap, *ptr, *optr; + struct ether_addr *mac; + const char *macset = "0123456789abcdefABCDEF:"; - for (i=0; i<6; i++) + if (strcmp(p, "any") == 0) { + for (i = 0; i < ETHER_ADDR_LEN; i++) addr[i] = mask[i] = 0; - if (strcmp(p, "any") == 0) return; + } - for (i=0; *p && i<6;i++, p++) { - addr[i] = strtol(p, &p, 16); - if (*p != ':') /* we start with the mask */ - break; - } - if (*p == '/') { /* mask len */ - l = strtol(p+1, &p, 0); - for (i=0; l>0; l -=8, i++) - mask[i] = (l >=8) ? 0xff : (~0) << (8-l); - } else if (*p == '&') { /* mask */ - for (i=0, p++; *p && i<6;i++, p++) { - mask[i] = strtol(p, &p, 16); - if (*p != ':') - break; + optr = ptr = strdup(p); + if ((ap = strsep(&ptr, "&/")) != NULL && *ap != 0) { + l = strlen(ap); + if (strspn(ap, macset) != l || (mac = ether_aton(ap)) == NULL) + errx(EX_DATAERR, "Incorrect MAC address"); + bcopy(mac, addr, ETHER_ADDR_LEN); + } else + errx(EX_DATAERR, "Incorrect MAC address"); + + if (ptr != NULL) { /* we have mask? */ + if (p[ptr - optr - 1] == '/') { /* mask len */ + l = strtol(ptr, &ap, 10); + if (*ap != 0 || l > ETHER_ADDR_LEN * 8 || l < 0) + errx(EX_DATAERR, "Incorrect mask length"); + for (i = 0; l > 0 && i < ETHER_ADDR_LEN; l -=8, i++) + mask[i] = (l >= 8) ? 0xff: (~0) << (8 - l); + } else { /* mask */ + l = strlen(ptr); + if (strspn(ptr, macset) != l || + (mac = ether_aton(ptr)) == NULL) + errx(EX_DATAERR, "Incorrect mask"); + bcopy(mac, mask, ETHER_ADDR_LEN); } - } else if (*p == '\0') { - for (i=0; i<6; i++) + } else { /* default mask: ff:ff:ff:ff:ff:ff */ + for (i = 0; i < ETHER_ADDR_LEN; i++) mask[i] = 0xff; } - for (i=0; i<6; i++) + + for (i = 0; i < ETHER_ADDR_LEN; i++) addr[i] &= mask[i]; + + free(optr); } /* --------------030401010501060202090501--
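
Review bot: In the mask-length branch of get_mac_addr_mask(), mask[] is no longer fully initialized. The zeroing loop `addr[i] = mask[i] = 0` now runs only inside the "any" case, and the loop `for (i = 0; l > 0 && i < ETHER_ADDR_LEN; l -=8, i++)` writes only the bytes covered by the prefix length. For a length such as /24 (or /0) the remaining mask bytes keep whatever the caller's buffer held, and that value then feeds `addr[i] &= mask[i]`. Zero mask[] before parsing, outside the "any" test, as the removed code did. Two smaller points in the same hunk: a failed strdup(p) makes strsep() return NULL, so an allocation failure is reported as "Incorrect MAC address", and an empty length after '/' passes the `*ap != 0 || l > ETHER_ADDR_LEN * 8 || l < 0` check because strtol() returns 0 with ap left at the terminator, so the test should also reject ap == ptr.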