Fwd: 5.2-RC + ipfw

Sat Dec 13 10:47:10 PST 2003

[ CC: Luigi ]

On Sat, 13 Dec 2003, 11:49-0000, Nate Grey wrote:

> Hello,
>
> on 5.2-RC I get this error from ipfw:
>
>  ipfw in free(): error: modified (chunk -) pointer
>  Aboirt trap (core dumped)
>
> examining my firewall script I noticed that error occurs when ipfw try to
> load this rules
>
> fwcmd="/sbin/ipfw -q/"
> ${fwcmd} add 310 set 1 deny ip from $bad_guys to any in recv ep0
> ${fwcmd} add 310 set 2 deny ip from any to $bad_guys out via ep0
>
> badguys are:
>
> bad_guys="(\
> 127.0.0.0/8 or \
> 192.168.0.1/16 or \
> 10.0.0.0/8 or \
> 172.16.0.0/12 or \
> 0.0.0.0/8 or \
> 169.254.0.0/16 or \
> 192.0.2.0/24 or \
> 224.0.0.0/4 \
> )"
>
> anyway, according to `ipfw sh` output the rules are loaded.

Please try an enclosed patch or put a whitespace right after the '('
before '\'.

Index: ipfw2.c
===================================================================
RCS file: /home/ncvs/src/sbin/ipfw/ipfw2.c,v
retrieving revision 1.42
diff -u -r1.42 ipfw2.c

--- ipfw2.c	31 Oct 2003 18:31:55 -0000	1.42
+++ ipfw2.c	13 Dec 2003 18:42:18 -0000
@@ -2901,15 +2901,14 @@
 		goto done;

 #define OR_START(target)					\
-	if (ac && (*av[0] == '(' || *av[0] == '{')) {		\
+	if (ac && (						\
+	    !strncmp(*av, "(", strlen(*av)) ||			\
+	    !strncmp(*av, "{", strlen(*av)) )) {		\
 		if (open_par)					\
 			errx(EX_USAGE, "nested \"(\" not allowed\n"); \
 		prev = NULL;					\
 		open_par = 1;					\
-		if ( (av[0])[1] == '\0') {			\
-			ac--; av++;				\
-		} else						\
-			(*av)++;				\
+		ac--; av++;					\
 	}							\
 	target:							\

%%%

-- 
Maxim Konovalov, maxim at macomnet.ru, maxim at FreeBSD.org
