bin/80913: /sbin/ipfw2 silently discards MAC addr arg with improper

Guy F. Boyd gfb at vta.com
Wed May 11 19:50:03 GMT 2005


>Number:         80913
>Category:       bin
>Synopsis:       /sbin/ipfw2 silently discards MAC addr arg with improper
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed May 11 19:50:02 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Guy F. Boyd
>Release:        FreeBSD 4.11-STABLE i386
>Organization:
<VTA Technologies INC Atlanta Ga USA 30324>
>Environment:
System: FreeBSD nyc-end 4.11-STABLE FreeBSD 4.11-STABLE #4: Tue May 10 
17:27:02 EDT 2005 root at nyc-end:/usr/src/sys/compile/NYC_END i386

	Dell Optiplex GX200, FreeBSD 4-11 STABLE, i386
>Description:

	/sbin/ipfw2 silently discards improperly formatted 6-byte Media 
	Access Controller address strings that contain ascii characters which 
	are outside of the range of the set of characters that correctly 
	represent 4-bit hex values. ipfw2 then processes the remaining 
	arguments into a firewall rule that may have unintended effects on the 
	total ruleset.

>How-To-Repeat:

	# create a default deny rule
	ipfw add 1000 deny all from any to any 

	# allow 1 client -- oops finger slipped on last '0' should be '0' not 'O'
	ipfw add 999 allow all from any to any mac any 08:00:5b:00:aO:ac

	# result:
	nyc-end# ipfw show |grep 999

	999 	22739	2004155		allow ip from any to any MAC any any

	arguably pilot error but ipfw should generate a syntax error
	in this case instead. 

>Fix:

	$FreeBSD: src/sbin/ipfw/ipfw2.c,v 1.4.2.23 2004/11/08 18:47:11 pjd Exp $

	Add argument format checking to src/sbin/ipfw/ipfw2.c  at add_mac() for
	string arguments containing ':' delimiter. Return errx() as syntax error
	for improperly formatted arguments. First pass at patch attached.

>Release-Note:
>Audit-Trail:
>Unformatted:
 ascii chars, then adds rule


More information about the freebsd-bugs mailing list