From owner-freebsd-hackers  Tue May  7 20:22:53 1996
Return-Path: owner-hackers
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id UAA16476
          for hackers-outgoing; Tue, 7 May 1996 20:22:53 -0700 (PDT)
Received: from whistle.com ([207.76.205.131])
          by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id UAA16467
          for <freebsd-hackers@freebsd.org>; Tue, 7 May 1996 20:22:48 -0700 (PDT)
Received: (from smap@localhost) by whistle.com (8.7.5/8.6.12) id UAA25580 for <freebsd-hackers@freebsd.org>; Tue, 7 May 1996 20:22:17 -0700 (PDT)
X-Authentication-Warning: whistle.com: smap set sender to <archie@whistle.com> using -f
Received: from bubba.whistle.com(207.76.205.7) by whistle.com via smap (V1.3)
	id sma025578; Tue May  7 20:21:59 1996
Received: (from archie@localhost) by bubba.whistle.com (8.6.12/8.6.12) id UAA26444 for freebsd-hackers@freebsd.org; Tue, 7 May 1996 20:21:59 -0700
From: Archie Cobbs <archie@whistle.com>
Message-Id: <199605080321.UAA26444@bubba.whistle.com>
Subject: Fix for ipfw.c
To: freebsd-hackers@freebsd.org
Date: Tue, 7 May 1996 20:21:59 -0700 (PDT)
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk


The ``ipfw'' program has a problem in that it doesn't gracefully
detect when the list of tcp/udp ports is too long or improperly
specified (ie, any range must come first). More precisely, it just
core dumps.. :-)

So I took the liberty of fixing it, plus a couple of error messages.
Could someone in charge look at this and check it in?

Thanks,
-Archie

___________________________________________________________________________
Archie L. Cobbs, archie@whistle.com  *  Whistle Communications Corporation


===================================================================
RCS file: /tribe/cvs/freebsd/src/sbin/ipfw/ipfw.c,v
retrieving revision 1.23
diff -c -r1.23 ipfw.c
*** 1.23	1996/04/03 13:49:10
--- ipfw.c	1996/05/08 03:08:15
***************
*** 334,382 ****
  	*avp = av;
  }
  
  int
! fill_port(cnt, ptr, off, av)
  	u_short *cnt, *ptr, off;
! 	char **av;
  {
! 	char *s, sc = 0;
! 	int i = 0;
  
! 	s = strchr(*av,'-');
  	if (s) {
- 		sc = *s;
  		*s++ = '\0';
! 		ptr[off+*cnt] = atoi(*av);
! 		(*cnt)++;
! 		*av = s;
! 		s = strchr(*av,',');
! 		if (s) {
! 			sc = *s;
  			*s++ = '\0';
! 		} else
! 			sc = '\0';
! 		ptr[off+*cnt] = atoi(*av);
! 		(*cnt)++;
! 		if (sc && sc != ',') show_usage("Expected comma\n");
! 		*av = s;
! 		sc = 0;
! 		i = 1;
! 	}
! 	while (*av != NULL) {
! 		s = strchr(*av,',');
! 		if (s) {
! 			sc = *s;
  			*s++ = '\0';
! 		} else
! 			sc = '\0';
! 		ptr[off+*cnt] = atoi(*av);
! 		(*cnt)++;
! 		if (!sc)
! 			break;
! 		if (sc != ',') show_usage("Expected comma\n");
! 		*av = s;
  	}
! 	return i;
  }
  
  void
--- 334,379 ----
  	*avp = av;
  }
  
+ void
+ add_port(cnt, ptr, off, port)
+ 	u_short *cnt, *ptr, off, port;
+ {
+ 	if (off + *cnt >= IP_FW_MAX_PORTS)
+ 		errx(1, "too many ports (max is %d)", IP_FW_MAX_PORTS);
+ 	ptr[off+*cnt] = port;
+ 	(*cnt)++;
+ }
+ 
  int
! fill_port(cnt, ptr, off, arg)
  	u_short *cnt, *ptr, off;
! 	char *arg;
  {
! 	char *s, *comma;
! 	int initial_range = 0;
  
! 	s = strchr(arg,'-');
  	if (s) {
  		*s++ = '\0';
! 		if (strchr(arg, ','))
! 			errx(1, "port range must be first in list");
! 		add_port(cnt, ptr, off, *arg ? atoi(arg) : 0x0000);
! 		arg = s;
! 		s = strchr(arg,',');
! 		if (s)
  			*s++ = '\0';
! 		add_port(cnt, ptr, off, *arg ? atoi(arg) : 0xffff);
! 		arg = s;
! 		initial_range = 1;
! 	}
! 	while (arg != NULL) {
! 		s = strchr(arg,',');
! 		if (s)
  			*s++ = '\0';
! 		add_port(cnt, ptr, off, atoi(arg));
! 		arg = s;
  	}
! 	return initial_range;
  }
  
  void
***************
*** 451,457 ****
  
  	i = setsockopt(s, IPPROTO_IP, IP_FW_DEL, &rule, sizeof rule);
  	if (i)
! 		err(1,"setsockopt(Add)");
  }
  
  void
--- 448,454 ----
  
  	i = setsockopt(s, IPPROTO_IP, IP_FW_DEL, &rule, sizeof rule);
  	if (i)
! 		err(1,"setsockopt(IP_FW_DEL)");
  }
  
  void
***************
*** 515,521 ****
  	fill_ip(&rule.fw_src, &rule.fw_smsk, &ac, &av);
  
  	if (ac && isdigit(**av)) {
! 		if (fill_port(&rule.fw_nsp, &rule.fw_pts, 0, av))
  			rule.fw_flg |= IP_FW_F_SRNG;
  		av++; ac--;
  	}
--- 512,518 ----
  	fill_ip(&rule.fw_src, &rule.fw_smsk, &ac, &av);
  
  	if (ac && isdigit(**av)) {
! 		if (fill_port(&rule.fw_nsp, &rule.fw_pts, 0, *av))
  			rule.fw_flg |= IP_FW_F_SRNG;
  		av++; ac--;
  	}
***************
*** 529,535 ****
  	fill_ip(&rule.fw_dst, &rule.fw_dmsk, &ac, &av);
  
  	if (ac && isdigit(**av)) {
! 		if (fill_port(&rule.fw_ndp, &rule.fw_pts, rule.fw_nsp, av))
  			rule.fw_flg |= IP_FW_F_DRNG;
  		av++; ac--;
  	}
--- 526,532 ----
  	fill_ip(&rule.fw_dst, &rule.fw_dmsk, &ac, &av);
  
  	if (ac && isdigit(**av)) {
! 		if (fill_port(&rule.fw_ndp, &rule.fw_pts, rule.fw_nsp, *av))
  			rule.fw_flg |= IP_FW_F_DRNG;
  		av++; ac--;
  	}
***************
*** 589,595 ****
  	show_ipfw(&rule);
  	i = setsockopt(s, IPPROTO_IP, IP_FW_ADD, &rule, sizeof rule);
  	if (i)
! 		err(1,"setsockopt(Delete)");
  }
  
  int
--- 586,592 ----
  	show_ipfw(&rule);
  	i = setsockopt(s, IPPROTO_IP, IP_FW_ADD, &rule, sizeof rule);
  	if (i)
! 		err(1,"setsockopt(IP_FW_ADD)");
  }
  
  int