bin/80913: /sbin/ipfw2 silently discards MAC addr arg with improper ascii chars, then adds rule
Guy F. Boyd
gfb at vta.com
Wed May 11 19:50:03 GMT 2005
>Number: 80913
>Category: bin
>Synopsis: /sbin/ipfw2 silently discards MAC addr arg with improper ascii chars, then adds rule
>Confidential: no
>Severity: critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed May 11 19:50:02 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Guy F. Boyd
>Release: FreeBSD 4.11-STABLE i386
>Organization:
<VTA Technologies INC Atlanta Ga USA 30324>
>Environment:
System: FreeBSD nyc-end 4.11-STABLE FreeBSD 4.11-STABLE #4: Tue May 10 17:27:02 EDT 2005 root at nyc-end:/usr/src/sys/compile/NYC_END i386
Dell Optiplex GX200, FreeBSD 4-11 STABLE, i386
>Description:
/sbin/ipfw2 silently discards improperly formatted 6-byte Media
Access Control (MAC) address strings that contain ASCII characters
outside the set of characters that correctly represent 4-bit hex
values. ipfw2 then processes the remaining arguments into a firewall
rule that may have unintended effects on the total ruleset.
>How-To-Repeat:
# create a default deny rule
ipfw add 1000 deny all from any to any
# allow 1 client -- oops finger slipped on last '0' should be '0' not 'O'
ipfw add 999 allow all from any to any mac any 08:00:5b:00:aO:ac
# result:
nyc-end# ipfw show |grep 999
999 22739 2004155 allow ip from any to any MAC any any
Arguably pilot error, but ipfw should generate a syntax error
in this case instead.
>Fix:
$FreeBSD: src/sbin/ipfw/ipfw2.c,v 1.4.2.23 2004/11/08 18:47:11 pjd Exp $
Add argument format checking to src/sbin/ipfw/ipfw2.c in add_mac() for
string arguments containing the ':' delimiter. Report improperly formatted
arguments as a syntax error via errx(). First pass at patch attached.
>Release-Note:
>Audit-Trail:
>Unformatted:
ascii chars, then adds rule