misc/89079: pfctl does not check interface name against list of
known interfaces with () operator
Vladimir Kotal
vlada at devnull.cz
Tue Nov 15 17:10:25 GMT 2005
>Number: 89079
>Category: misc
>Synopsis: pfctl does not check interface name against list of known interfaces with () operator
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Nov 15 17:10:20 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Vladimir Kotal
>Release: 5.4-RELEASE
>Organization:
>Environment:
FreeBSD worm 5.4-RELEASE FreeBSD 5.4-RELEASE #0: Sun May 8 10:21:06 UTC 2005 root at harlow.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
>Description:
pfctl(8) does not check the interface name against the list of interfaces actually present.
>How-To-Repeat:
Insert the following line into a valid pf.conf file:
pass out quick on $ext_if proto icmp from (XXX) to any keep state
where ext_if is the name of an arbitrary interface in the system, and load the config file via pfctl -f <file>.
When loaded, pfctl -s Interfaces would present the list of valid interfaces along with the 'XXX' "interface".
The problem lies in pfctl_parser.c:ifa_exists()
and in the following parse.y code:
	if (ifa_exists($2, 1) == NULL && strcmp($2, "self")) {
#ifndef __FreeBSD__
		yyerror("interface %s does not exist", $2);
		free(op);
		YYERROR;
#endif
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
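
A pre-load check for the condition reported above, as an added example that is not part of the PR or of pfctl: it lists names used with the () operator that are neither "self" nor a known interface. The function name and the sample usage are assumptions; only single-name macros are expanded, and only () addresses directly after from, to or -> are examined.

```shell
#!/bin/sh
# Added example (hypothetical helper, not pfctl code).
# unknown_paren_ifaces FILE IFACE...
# Prints every name used as (name) or (name:modifier) in FILE that is not
# "self" and not one of the IFACE arguments; returns 1 if any was printed.
# Typical use on FreeBSD:  unknown_paren_ifaces /etc/pf.conf $(ifconfig -l)
unknown_paren_ifaces() {
    conf=$1; shift
    awk -v known=" self $* " '
    { sub(/#.*/, "") }                           # drop comments
    /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ {     # macro definition: name = "value"
        name = $0; sub(/[ \t]*=.*/, "", name); gsub(/[ \t]/, "", name)
        val = $0;  sub(/^[^=]*=/, "", val);    gsub(/[ \t"]/, "", val)
        macro[name] = val
        next
    }
    {
        line = $0
        # A () address follows from, to or ->, optionally negated with "!".
        while (match(line, /[ \t](from|to|->)[ \t]+!?[ \t]*\(\$?[A-Za-z_][A-Za-z0-9_.]*(:[a-z0-9]+)*\)/)) {
            tok = substr(line, RSTART, RLENGTH)
            line = substr(line, RSTART + RLENGTH)
            sub(/^[^(]*\(/, "", tok)             # keep what is inside the parentheses
            sub(/\)$/, "", tok)
            sub(/:.*/, "", tok)                  # strip :network, :broadcast, :peer, :0
            if (tok ~ /^\$/) tok = macro[substr(tok, 2)]
            if (tok != "" && index(known, " " tok " ") == 0 && !(tok in seen)) {
                seen[tok] = 1; print tok; bad = 1
            }
        }
    }
    END { exit bad }' "$conf"
}
```
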