kern/50947: BUG: port eq 25 does not work anymore (port = 25 does)

Mon Apr 14 08:10:14 PDT 2003

>Number:         50947
>Category:       kern
>Synopsis:       BUG: port eq 25 does not work anymore (port = 25 does)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Apr 14 08:10:11 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator:     Rene de Vries
>Release:        FreeBSD 4.7-RELEASE-p3 i386/FreeBSD 5.0-20030401 i386
>Organization:
Tunix Internet Security & Training
>Environment:
	FreeBSD 4.7/5.0, IPFilter 3.4.29/3.4.31

>Description:
	Change the order in which keywords are checked.
	The "isalnum" function also matches "eq", "ne", etc, so these
	are always found to be symbolic port names. When reversed, so
	first check "eq", "ne", etc these compares can still be used.

>How-To-Repeat:
	block in quick from any to any port eq 25
>Fix:

Diff against FreeBSD 5 (current as of 1 Apr 2003)

Index: contrib/ipfilter/common.c
===================================================================
RCS file: /home/fbsd-cvsrepo/src/contrib/ipfilter/common.c,v
retrieving revision 1.1.1.6
diff -u -r1.1.1.6 common.c

--- contrib/ipfilter/common.c	15 Feb 2003 06:27:40 -0000	1.1.1.6
+++ contrib/ipfilter/common.c	1 Apr 2003 11:31:03 -0000
@@ -263,7 +263,19 @@
 		return 0;
 	if (!strcasecmp(**seg, "port") && *(*seg + 1) && *(*seg + 2)) {
 		(*seg)++;
-		if (isalnum(***seg) && *(*seg + 2)) {
+		if (!strcmp(**seg, "=") || !strcasecmp(**seg, "eq"))
+			comp = FR_EQUAL;
+		else if (!strcmp(**seg, "!=") || !strcasecmp(**seg, "ne"))
+			comp = FR_NEQUAL;
+		else if (!strcmp(**seg, "<") || !strcasecmp(**seg, "lt"))
+			comp = FR_LESST;
+		else if (!strcmp(**seg, ">") || !strcasecmp(**seg, "gt"))
+			comp = FR_GREATERT;
+		else if (!strcmp(**seg, "<=") || !strcasecmp(**seg, "le"))
+			comp = FR_LESSTE;
+		else if (!strcmp(**seg, ">=") || !strcasecmp(**seg, "ge"))
+			comp = FR_GREATERTE;
+		else if (isalnum(***seg) && *(*seg + 2)) {
 			if (portnum(**seg, pp, linenum) == 0)
 				return -1;
 			(*seg)++;
@@ -285,19 +297,7 @@
 			}
 			if (portnum(**seg, tp, linenum) == 0)
 				return -1;
-		} else if (!strcmp(**seg, "=") || !strcasecmp(**seg, "eq"))
-			comp = FR_EQUAL;
-		else if (!strcmp(**seg, "!=") || !strcasecmp(**seg, "ne"))
-			comp = FR_NEQUAL;
-		else if (!strcmp(**seg, "<") || !strcasecmp(**seg, "lt"))
-			comp = FR_LESST;
-		else if (!strcmp(**seg, ">") || !strcasecmp(**seg, "gt"))
-			comp = FR_GREATERT;
-		else if (!strcmp(**seg, "<=") || !strcasecmp(**seg, "le"))
-			comp = FR_LESSTE;
-		else if (!strcmp(**seg, ">=") || !strcasecmp(**seg, "ge"))
-			comp = FR_GREATERTE;
-		else {
+		} else {
 			fprintf(stderr, "%d: unknown comparator (%s)\n",
 					linenum, **seg);
 			return -1;

>Release-Note:
>Audit-Trail:
>Unformatted:
