Date: Tue, 7 May 1996 20:21:59 -0700 (PDT) From: Archie Cobbs <archie@whistle.com> To: freebsd-hackers@freebsd.org Subject: Fix for ipfw.c Message-ID: <199605080321.UAA26444@bubba.whistle.com>
next in thread | raw e-mail | index | archive | help
The ``ipfw'' program has a problem in that it doesn't gracefully
detect when the list of tcp/udp ports is too long or improperly
specified (ie, any range must come first). More precisely, it just
core dumps.. :-)
So I took the liberty of fixing it, plus a couple of error messages.
Could someone in charge look at this and check it in?
Thanks,
-Archie
___________________________________________________________________________
Archie L. Cobbs, archie@whistle.com * Whistle Communications Corporation
===================================================================
RCS file: /tribe/cvs/freebsd/src/sbin/ipfw/ipfw.c,v
retrieving revision 1.23
diff -c -r1.23 ipfw.c
*** 1.23 1996/04/03 13:49:10
--- ipfw.c 1996/05/08 03:08:15
***************
*** 334,382 ****
*avp = av;
}
int
! fill_port(cnt, ptr, off, av)
u_short *cnt, *ptr, off;
! char **av;
{
! char *s, sc = 0;
! int i = 0;
! s = strchr(*av,'-');
if (s) {
- sc = *s;
*s++ = '\0';
! ptr[off+*cnt] = atoi(*av);
! (*cnt)++;
! *av = s;
! s = strchr(*av,',');
! if (s) {
! sc = *s;
*s++ = '\0';
! } else
! sc = '\0';
! ptr[off+*cnt] = atoi(*av);
! (*cnt)++;
! if (sc && sc != ',') show_usage("Expected comma\n");
! *av = s;
! sc = 0;
! i = 1;
! }
! while (*av != NULL) {
! s = strchr(*av,',');
! if (s) {
! sc = *s;
*s++ = '\0';
! } else
! sc = '\0';
! ptr[off+*cnt] = atoi(*av);
! (*cnt)++;
! if (!sc)
! break;
! if (sc != ',') show_usage("Expected comma\n");
! *av = s;
}
! return i;
}
void
--- 334,379 ----
*avp = av;
}
+ void
+ add_port(cnt, ptr, off, port)
+ u_short *cnt, *ptr, off, port;
+ {
+ if (off + *cnt >= IP_FW_MAX_PORTS)
+ errx(1, "too many ports (max is %d)", IP_FW_MAX_PORTS);
+ ptr[off+*cnt] = port;
+ (*cnt)++;
+ }
+
int
! fill_port(cnt, ptr, off, arg)
u_short *cnt, *ptr, off;
! char *arg;
{
! char *s, *comma;
! int initial_range = 0;
! s = strchr(arg,'-');
if (s) {
*s++ = '\0';
! if (strchr(arg, ','))
! errx(1, "port range must be first in list");
! add_port(cnt, ptr, off, *arg ? atoi(arg) : 0x0000);
! arg = s;
! s = strchr(arg,',');
! if (s)
*s++ = '\0';
! add_port(cnt, ptr, off, *arg ? atoi(arg) : 0xffff);
! arg = s;
! initial_range = 1;
! }
! while (arg != NULL) {
! s = strchr(arg,',');
! if (s)
*s++ = '\0';
! add_port(cnt, ptr, off, atoi(arg));
! arg = s;
}
! return initial_range;
}
void
***************
*** 451,457 ****
i = setsockopt(s, IPPROTO_IP, IP_FW_DEL, &rule, sizeof rule);
if (i)
! err(1,"setsockopt(Add)");
}
void
--- 448,454 ----
i = setsockopt(s, IPPROTO_IP, IP_FW_DEL, &rule, sizeof rule);
if (i)
! err(1,"setsockopt(IP_FW_DEL)");
}
void
***************
*** 515,521 ****
fill_ip(&rule.fw_src, &rule.fw_smsk, &ac, &av);
if (ac && isdigit(**av)) {
! if (fill_port(&rule.fw_nsp, &rule.fw_pts, 0, av))
rule.fw_flg |= IP_FW_F_SRNG;
av++; ac--;
}
--- 512,518 ----
fill_ip(&rule.fw_src, &rule.fw_smsk, &ac, &av);
if (ac && isdigit(**av)) {
! if (fill_port(&rule.fw_nsp, &rule.fw_pts, 0, *av))
rule.fw_flg |= IP_FW_F_SRNG;
av++; ac--;
}
***************
*** 529,535 ****
fill_ip(&rule.fw_dst, &rule.fw_dmsk, &ac, &av);
if (ac && isdigit(**av)) {
! if (fill_port(&rule.fw_ndp, &rule.fw_pts, rule.fw_nsp, av))
rule.fw_flg |= IP_FW_F_DRNG;
av++; ac--;
}
--- 526,532 ----
fill_ip(&rule.fw_dst, &rule.fw_dmsk, &ac, &av);
if (ac && isdigit(**av)) {
! if (fill_port(&rule.fw_ndp, &rule.fw_pts, rule.fw_nsp, *av))
rule.fw_flg |= IP_FW_F_DRNG;
av++; ac--;
}
***************
*** 589,595 ****
show_ipfw(&rule);
i = setsockopt(s, IPPROTO_IP, IP_FW_ADD, &rule, sizeof rule);
if (i)
! err(1,"setsockopt(Delete)");
}
int
--- 586,592 ----
show_ipfw(&rule);
i = setsockopt(s, IPPROTO_IP, IP_FW_ADD, &rule, sizeof rule);
if (i)
! err(1,"setsockopt(IP_FW_ADD)");
}
int
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199605080321.UAA26444>