kern/73276: ipfw2 vulnerability (parser error)
Jon Simola
jsimola at gmail.com
Tue May 10 11:50:08 PDT 2005
The following reply was made to PR kern/73276; it has been noted by GNATS.
From: Jon Simola <jsimola at gmail.com>
To: bug-followup at freebsd.org
Cc:
Subject: Re: kern/73276: ipfw2 vulnerability (parser error)
Date: Tue, 10 May 2005 11:45:55 -0700
On 5/10/05, Tilman Linneweh <arved at freebsd.org> wrote:
> Synopsis: ipfw2 vulnerability (parser error)
>
> Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw
> Responsible-Changed-By: arved
> Responsible-Changed-When: Tue May 10 13:50:30 GMT 2005
> Responsible-Changed-Why:
> Over to ipfw mailinglist
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=73276
More accurately, anything after the closing '}' is ignored by the
parser. I'm pretty sure this fixes that.
--- ipfw2.c.orig Tue May 10 08:45:12 2005
+++ ipfw2.c Tue May 10 09:53:08 2005
@@ -2088,8 +2088,11 @@
i =3D -1;
if (*s =3D=3D '-')
i =3D a;
- else if (*s =3D=3D '}')
+ else if (*s =3D=3D '}') {
+ if (strlen(s) > 1)
+ errx(EX_DATAERR, "trailing garbage after '}=
'");
break;
+ }
av =3D s+1;
}
return;
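Review bot: in the new '}' branch, `strlen(s) > 1` walks the whole remaining string only to learn whether one more character follows the brace; `s[1] != '\0'` tests the same condition directly. The errx() message would also be more useful if it echoed the rejected text, for example `errx(EX_DATAERR, "trailing garbage after '}': %s", s + 1);`, so the user can see which part of the rule was refused. Separately, the hunk as posted is quoted-printable encoded (`=3D` for `=`, and a soft line break splitting the errx() string across two lines), so it needs decoding, or resending as an unencoded attachment, before it will apply to ipfw2.c.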
--
Jon Simola
Systems Administrator
ABC Communications