Date: Tue, 15 Nov 2005 17:08:57 GMT
From: Vladimir Kotal <vlada@devnull.cz>
To: freebsd-gnats-submit@FreeBSD.org
Subject: misc/89079: pfctl does not check interface name against list of known interfaces with () operator
Message-ID: <200511151708.jAFH8vLP080657@www.freebsd.org>
Resent-Message-ID: <200511151710.jAFHAKe7070814@freefall.freebsd.org>

>Number:         89079
>Category:       misc
>Synopsis:       pfctl does not check interface name against list of known interfaces with () operator
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Nov 15 17:10:20 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Vladimir Kotal
>Release:        5.4-RELEASE
>Organization:
>Environment:
FreeBSD worm 5.4-RELEASE FreeBSD 5.4-RELEASE #0: Sun May 8 10:21:06 UTC 2005 root@harlow.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
>Description:
pfctl(8) does not check interface name against list of interfaces actually present.
>How-To-Repeat:
insert following line into valid pf.conf file:

    pass out quick on $ext_if proto icmp from (XXX) to any keep state

where ext_if is name of arbitrary interface in the system and load the config file via pfctl -f <file>.

when loaded, pfctl -s Interfaces would present list of valid interfaces along with 'XXX' "interface".

the problem lies in pfctl_parser.c:ifa_exists() and in following parse.y code:

    if (ifa_exists($2, 1) == NULL && strcmp($2, "self")) {
    #ifndef __FreeBSD__
            yyerror("interface %s does not exist", $2);
            free(op);
            YYERROR;
    #endif
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
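
An added example, not part of the original report and not pfctl's own code: a stand-alone C check that pulls the interface name out of a `(name)` dynamic-address token and compares it with the known interfaces, which is the validation the report says is skipped. The function names, the caller-supplied `known` list and the stripping of a `:modifier` suffix are assumptions of this example.

```c
#include <net/if.h>
#include <stdio.h>
#include <string.h>

/* Copy the interface name out of a pf dynamic-address token such as "(em0)"
 * or "(em0:network)". Returns 0 on success, -1 if tok is not of that form
 * or the name is too long to fit in out. */
int dyn_addr_ifname(const char *tok, char *out, size_t outlen)
{
    size_t len = strlen(tok);
    if (len < 3 || tok[0] != '(' || tok[len - 1] != ')')
        return -1;
    size_t n = strcspn(tok + 1, ":)");   /* name ends at a modifier or ')' */
    if (n == 0 || n >= outlen)
        return -1;
    memcpy(out, tok + 1, n);
    out[n] = '\0';
    return 0;
}

/* Same decision against the running system: if_nametoindex() returns 0 for
 * a name that is not a present interface. "self" is always accepted. */
int ifname_on_system(const char *name)
{
    return strcmp(name, "self") == 0 || if_nametoindex(name) != 0;
}

/* 1 = known, 0 = unknown interface, -1 = not a dynamic-address token.
 * known is a caller-supplied list (assumption) so the result is reproducible. */
int check_dyn_addr(const char *tok, const char *const *known, size_t nknown)
{
    char name[IF_NAMESIZE];
    if (dyn_addr_ifname(tok, name, sizeof(name)) != 0)
        return -1;
    if (strcmp(name, "self") == 0)
        return 1;
    for (size_t i = 0; i < nknown; i++)
        if (strcmp(name, known[i]) == 0)
            return 1;
    return 0;
}

int main(void)
{
    static const char *const known[] = { "em0", "lo0" };   /* constructed list */
    const char *toks[] = { "(em0)", "(em0:network)", "(self)", "(XXX)" };
    for (size_t i = 0; i < 4; i++)
        printf("%-14s -> %d\n", toks[i], check_dyn_addr(toks[i], known, 2));
    return 0;
}
```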