uK7pSmUkO1LAVak5hXPCnJTJ
	KPI4cmqT28zGTEjiiBDLLgUSFMw51KCNidhHq7W5sdlahu2jrRKALspXqj9aK35dlrnRoH
	JIrOA/DVMFIjpwseVbUm7krf2zEXXYyhmmEoCpnOyTRNox+TWK3opKPPzha1vH/t4fs3Gi
	vRFUmX9PEzo8xGl1X6JaOB7t6vB1Ji26++3MxClxUDw3pgQl7Wy/tcv9fiQAyjQW+tHMgA
	w2CxHtV1RFwJBMtmDkrBJgPHIQB1yIm3jvRIQWqEmAsCcNrtzPZcNu3KK0IV7g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1751544068;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=kKfhZWTzM2swYKn/njcyU9Nk9jB+EiplxzyE9HG31Zc=;
	b=TrdwKGhJD+X+yu/KHufSz5ImrM1TvkWWLHdgOmxsHoe+TKQVI3kJfhORGXmBR4mDNUhgQk
	vT8DAJWppgBsJsJtlnFQLvsRzYNoGotk+BI7NtSlvDiRa2DcX4p+FVo2YJUciWBYc0sCZ3
	YOEX74SWxRdpaYqUWSenV71KqNxsMhY3/K7utN9oWHsoF8cQCtfD7AQ6xMvqoljJzMhXHD
	0l2tfxwxrGN8BCHXjB3H71SerG5WtRzAF53ubV8GS6KjR27VoOQBxGZxKNIH3kiQFVgIPM
	K0i9YX3m6vhoqHeBOc0Rt3UpjIyvAABRbN6ZFv0CZvck/J8aR45+Aq75kZTt8A==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1751544068; a=rsa-sha256; cv=none;
	b=A53DOHZOA59oKBZ32Ifr7KJrM6lAKdNw9PGXFgIWpUa3oMF+XXohcQOlapcy4BJXukktbB
	Suj/MP1c1RlJ4Ah3QTTT0fK82QLuDW4QX95EYRHJjhRLmnxPLbDYXPgxZMB2eb1+Un68Fo
	yMUJPtIOg2DUtUVBsk38pYCKE9qMMIAFZCpvQpT8CTxGiqsfaKkM6SUSQBQ7O4lEMJsy+f
	vMgli4f/DORioEkLlCUlQLPwSgiasmLmUIa1TaBFjliBoUSCbrosKXxpqLfNiLQPOpnAIY
	3arWLXqhW68HyL0MKuHdkTRVfJHyph/Cs2QthoKe5V2C6r4RyHCSt06vmY9wZw==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4bXwMm3NsLz13rp;
	Thu, 03 Jul 2025 12:01:08 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 563C181E051978;
	Thu, 3 Jul 2025 12:01:08 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 563C183c051975;
	Thu, 3 Jul 2025 12:01:08 GMT
	(envelope-from git)
Date: Thu, 3 Jul 2025 12:01:08 GMT
Message-Id: <202507031201.563C183c051975@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-main@FreeBSD.org
From: Kristof Provost <kp@FreeBSD.org>
Subject: git: da27faa01f27 - main - pfctl: fix parsing of '10/8'
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-all@freebsd.org
Sender: owner-dev-commits-src-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: da27faa01f27dd04915c204782542525d43ab7eb
Auto-Submitted: auto-generated

The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=da27faa01f27dd04915c204782542525d43ab7eb

commit da27faa01f27dd04915c204782542525d43ab7eb
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-07-01 15:18:20 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-07-03 07:16:14 +0000

    pfctl: fix parsing of '10/8'
    
    FreeBSD's getaddrinfo() differs a little from OpenBSD's, and it will resolve
    '10' to IPv4 address '0.0.0.10', wheres OpenBSD's will just fail. As a result we
    work out that '10/8' is '0.0.0.0/8', rather than the intended '10.0.0.0/8'.
    
    Reverse the order of operations: attempt to parse the address with
    inet_net_pton() first and only use getaddrinfo() if that fails.
    
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 sbin/pfctl/pfctl_parser.c | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c
index 8eb9bd1d6f5a..cb083bd09344 100644
--- a/sbin/pfctl/pfctl_parser.c
+++ b/sbin/pfctl/pfctl_parser.c
@@ -1866,33 +1866,33 @@ host_ip(const char *s, int mask)
 	struct addrinfo		 hints, *res;
 	struct node_host	*h = NULL;
 
+	h = calloc(1, sizeof(*h));
+	if (h == NULL)
+		err(1, "%s: calloc", __func__);
+	if (mask != -1) {
+		/* Try to parse 10/8 */
+		h->af = AF_INET;
+		if (inet_net_pton(AF_INET, s, &h->addr.v.a.addr.v4,
+		    sizeof(h->addr.v.a.addr.v4)) != -1)
+			goto out;
+	}
+
 	memset(&hints, 0, sizeof(hints));
 	hints.ai_family = AF_UNSPEC;
 	hints.ai_socktype = SOCK_DGRAM; /*dummy*/
 	hints.ai_flags = AI_NUMERICHOST;
 	if (getaddrinfo(s, NULL, &hints, &res) == 0) {
-		h = calloc(1, sizeof(*h));
-		if (h == NULL)
-			err(1, "%s: calloc", __func__);
 		h->af = res->ai_family;
 		copy_satopfaddr(&h->addr.v.a.addr, res->ai_addr);
 		if (h->af == AF_INET6)
 			h->ifindex =
 			    ((struct sockaddr_in6 *)res->ai_addr)->sin6_scope_id;
 		freeaddrinfo(res);
-	} else { /* ie. for 10/8 parsing */
-		if (mask == -1)
-			return (NULL);
-		h = calloc(1, sizeof(*h));
-		if (h == NULL)
-			err(1, "%s: calloc", __func__);
-		h->af = AF_INET;
-		if (inet_net_pton(AF_INET, s, &h->addr.v.a.addr.v4,
-			sizeof(h->addr.v.a.addr.v4)) == -1) {
-			free(h);
-			return (NULL);
-		}
+	} else {
+		free(h);
+		return (NULL);
 	}
+out:
 	set_ipmask(h, mask);
 	h->ifname = NULL;
 	h->next = NULL;