Import from OpenBSD 1.168, dhartmei:

fix a bug in the input sanity check of DIOCCHANGERULE (not used by pfctl, but third-party tools). a rule must have a non-empty replacement address list when it's a translation rule but not an anchor call (i.e. "nat ... ->" needs a replacement address, but "nat-anchor ..." doesn't). the check confused "rule is an anchor call" with "rule is defined within an anchor". report from Michal Mertl, Max Laier. Obtained from: OpenBSD MFC after: 2 weeks
svn path=/head/; revision=160543
2024-12-03 09:00:21 +00:00 · 2006-07-21 09:48:13 +00:00 · 2006-07-21 09:48:13 +00:00 · cff1b3389b · 2020-12-20 02:59:44 +00:00
commit cff1b3389b
parent 12c4ea9abd
1 changed files with 3 additions and 2 deletions
--- a/sys/contrib/pf/net/pf_ioctl.c
+++ b/sys/contrib/pf/net/pf_ioctl.c
@ -1,5 +1,6 @@
 /*	$FreeBSD$	*/
-/*	$OpenBSD: pf_ioctl.c,v 1.139 2005/03/03 07:13:39 dhartmei Exp $ */
+/*	$OpenBSD: pf_ioctl.c,v 1.139 2005/03/03 07:13:39 dhartmei Exp $	*/
+/* add:	$OpenBSD: pf_ioctl.c,v 1.168 2006/07/21 01:21:17 dhartmei Exp $ */

 /*
 * Copyright (c) 2001 Daniel Hartmeier
@ -1815,7 +1816,7 @@ pfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
 			    (newrule->action == PF_RDR) ||
 			    (newrule->action == PF_BINAT) ||
 			    (newrule->rt > PF_FASTROUTE)) &&
-			    !pcr->anchor[0])) &&
+			    !newrule->anchor)) &&
 			    (TAILQ_FIRST(&newrule->rpool.list) == NULL))
 				error = EINVAL;