git: b5f6f687a2ee - stable/13 - pfctl: improve error reporting for routehost
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 18 Feb 2022 10:46:03 UTC
The branch stable/13 has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=b5f6f687a2eea520d93f2c1ca4e04efd7c2e367f
commit b5f6f687a2eea520d93f2c1ca4e04efd7c2e367f
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2022-01-05 20:31:02 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2022-02-18 10:14:58 +0000
pfctl: improve error reporting for routehost
If an invalid (i.e. overly long) interface name is specified error out
immediately, rather than in expand_rule() so we point at the incorrect
line.
PR: 260958
MFC after: 3 weeks
Differential Revision: https://reviews.freebsd.org/D34008
(cherry picked from commit e68de6694381748b7578703b22580c0f17780b32)
---
sbin/pfctl/parse.y | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index c075a0d4607c..885b4f5ce50a 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -4544,6 +4544,10 @@ route_host : STRING {
$$ = calloc(1, sizeof(struct node_host));
if ($$ == NULL)
err(1, "route_host: calloc");
+ if (strlen($1) >= IFNAMSIZ) {
+ yyerror("interface name too long");
+ YYERROR;
+ }
$$->ifname = strdup($1);
set_ipmask($$, 128);
$$->next = NULL;
@@ -4553,8 +4557,13 @@ route_host : STRING {
struct node_host *n;
$$ = $3;
- for (n = $3; n != NULL; n = n->next)
+ for (n = $3; n != NULL; n = n->next) {
+ if (strlen($2) >= IFNAMSIZ) {
+ yyerror("interface name too long");
+ YYERROR;
+ }
n->ifname = strdup($2);
+ }
}
;