bin/91245: [patch] ipfw(8) sometimes treat ipv6 input as ipv4

Fredrik Lindberg fli at shapeshifter.se
Mon Jan 2 16:30:11 PST 2006 

>Number:         91245
>Category:       bin
>Synopsis:       [patch] ipfw(8) sometimes treat ipv6 input as ipv4
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jan 03 00:30:08 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Fredrik Lindberg
>Release:        FreeBSD 7.0-CURRENT i386
>Organization:
>Environment:
System: FreeBSD genesis.int.shapeshifter.se 7.0-CURRENT FreeBSD 7.0-CURRENT #6: Tue Dec 6 22:01:51 CET 2005 root at genesis.int.shapeshifter.se:/usr/obj/usr/src/sys/GENESIS i386


	
>Description:
ipfw(8) fails to parse ipv6 input when given a netmask or list of
ipv6 addresses. The input is then treated as ipv4 internally by ipfw(8).

>How-To-Repeat:
>Fix:
This occurs in add_src()/add_dst(). Because the ipfw commands which
triggers this never explicitly states that it is ipv6 (allow tcp from),
proto will never be set to IPPROTO_IPV6/IPPROTO_IP and the code will
resort to the inet_pton() check, which is fine with a single
ipv6-address but not with a netmask or a list.
 
This is the easiest possible fix. Treat input as ipv6 if there are
atleast two colon signs `:' in it.
 
Another solution might be to extract the recognition logic from
the fill_ip/fill_ip6 routines for use in add_src/add_dst, but
that would require alot more work.

--- ipfw2.c-20060102.patch begins here ---
Index: ipfw2.c
===================================================================
RCS file: /home/ncvs/src/sbin/ipfw/ipfw2.c,v
retrieving revision 1.80
diff -u -r1.80 ipfw2.c
--- ipfw2.c	29 Nov 2005 15:25:09 -0000	1.80
+++ ipfw2.c	2 Jan 2006 20:22:14 -0000
@@ -3703,7 +3703,8 @@
 	struct in6_addr a;
 
 	if (proto == IPPROTO_IPV6  || strcmp(av, "me6") == 0 ||
-	    inet_pton(AF_INET6, av, &a))
+	    inet_pton(AF_INET6, av, &a) ||
+	    strchr(av, ':') != strrchr(av, ':'))
 		return add_srcip6(cmd, av);
 	/* XXX: should check for IPv4, not !IPv6 */
 	if (proto == IPPROTO_IP || strcmp(av, "me") == 0 ||
@@ -3721,7 +3722,8 @@
 	struct in6_addr a;
 
 	if (proto == IPPROTO_IPV6  || strcmp(av, "me6") == 0 ||
-	    inet_pton(AF_INET6, av, &a))
+	    inet_pton(AF_INET6, av, &a) ||
+	    strchr(av, ':') != strrchr(av, ':'))
 		return add_dstip6(cmd, av);
 	/* XXX: should check for IPv4, not !IPv6 */
 	if (proto == IPPROTO_IP || strcmp(av, "me") == 0 ||
--- ipfw2.c-20060102.patch ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:
 >ipfw add allow tcp from 03f1::234:123:0342/24 to me
 ipfw: hostname ``03f1'' unknown
  
 >ipfw add allow tcp from 1234::234:123:1,03f1::234:123:2 to me
 ipfw: bad netmask ``:234:123:1,03f1::234:123:2''

More information about the freebsd-bugs mailing list