mirror/freebsd
1
0
Fork 0
mirror of https://git.FreeBSD.org/src.git synced 2024-10-18 02:19:39 +00:00
Code Issues Releases Activity

pfctl: fix incorrect optimization

Browse Source 
In the non-optimized case, an address list containing "any" (ie. { any 10.0.0.1 })
should be folded in the parser to any, not to 10.0.0.1.  How long this bug has
been with us is unclear.
ok guenther mcbride

Obtained from:	OpenBSD, deraadt <deraadt@openbsd.org>, e3b4bc25a0
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D46580
This commit is contained in:
Kristof Provost 2024-08-29 12:02:51 +02:00
parent e80f2a1087
commit 637d81c52d
2 changed files with 13 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
sbin/pfctl/parse.y
View File

@ -3572,11 +3572,13 @@ toipspec : TO ipspec { $$ = $2; }
host_list : ipspec optnl { $$ = $1; } host_list : ipspec optnl { $$ = $1; }
| host_list comma ipspec optnl { | host_list comma ipspec optnl {
if ($3 == NULL) if ($1 == NULL) {
freehostlist($3);
$$ = $1; $$ = $1;
else if ($1 == NULL) } else if ($3 == NULL) {
freehostlist($1);
$$ = $3; $$ = $3;
else { } else {
$1->tail->next = $3; $1->tail->next = $3;
$1->tail = $3->tail; $1->tail = $3->tail;
$$ = $1; $$ = $1;
@ -6270,6 +6272,12 @@ expand_skip_interface(struct node_if *interfaces)
return (0); return (0);
} }
void
freehostlist(struct node_host *h)
{
FREE_LIST(struct node_host, h);
}
#undef FREE_LIST #undef FREE_LIST
#undef LOOP_THROUGH #undef LOOP_THROUGH

2
sbin/pfctl/pfctl_parser.h
View File

@ -137,6 +137,8 @@ struct node_host {
struct node_host *tail; struct node_host *tail;
}; };
void freehostlist(struct node_host *);
struct node_mac { struct node_mac {
u_int8_t mac[ETHER_ADDR_LEN]; u_int8_t mac[ETHER_ADDR_LEN];
u_int8_t mask[ETHER_ADDR_LEN]; u_int8_t mask[ETHER_ADDR_LEN];