svn commit: r330665 - head/sbin/ipfw
Conrad Meyer
cem at FreeBSD.org
Thu Mar 8 17:23:19 UTC 2018
Author: cem
Date: Thu Mar 8 17:23:18 2018
New Revision: 330665
URL: https://svnweb.freebsd.org/changeset/base/330665
Log:
ipfw(8): Fix endianness for Legacy and IPv4 table hostname values

The lookup_host() helper subroutine emits a struct in_addr value in network
byte order via a caller-passed pointer. However, the table value is expected
to be stored in host byte order. On little-endian machines, this produced a
reversed endian table value for Legacy or IPv4 table types when the value
was a hostname (instead of a plain IP address).

Fix by using ntohl() on the output 32-bit address.

While here, avoid some aliasing violations by storing the lookup_host()
output in an intermediate object of the correct type.
PR: 226429
Reported by: bugs.freebsd.org AT mx.zzux.com (also: Tested by)
Security: ipfw hostname table rules could potentially not act as admin intended
Sponsored by: Dell EMC Isilon
Modified:
head/sbin/ipfw/tables.c
Modified: head/sbin/ipfw/tables.c
==============================================================================
--- head/sbin/ipfw/tables.c Thu Mar 8 17:14:16 2018 (r330664)
+++ head/sbin/ipfw/tables.c Thu Mar 8 17:23:18 2018 (r330665)
@@ -1471,6 +1471,7 @@ tentry_fill_value(ipfw_obj_header *oh, ipfw_obj_tentry
uint32_t i;
int dval;
char *comma, *e, *etype, *n, *p;
+ struct in_addr ipaddr;
v = &tent->v.value;
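Review bot: The new `struct in_addr ipaddr;` declaration has no comment saying which byte order it holds, and the bug being fixed was exactly a confusion between network and host order. A one-line comment on the declaration stating that it receives lookup_host() output in network byte order, and must go through ntohl() before being stored in the table value, would keep the two call sites that use it from drifting.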
@@ -1487,8 +1488,8 @@ tentry_fill_value(ipfw_obj_header *oh, ipfw_obj_tentry
return;
}
/* Try hostname */
- if (lookup_host(arg, (struct in_addr *)&val) == 0) {
- set_legacy_value(val, v);
+ if (lookup_host(arg, &ipaddr) == 0) {
+ set_legacy_value(ntohl(ipaddr.s_addr), v);
return;
}
errx(EX_OSERR, "Unable to parse value %s", arg);
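Review bot: The only marker of the byte-order switch in this branch is the ntohl() inside the `set_legacy_value(ntohl(ipaddr.s_addr), v);` call, and the `/* Try hostname */` comment above it does not mention it. Suggest extending that comment to say that lookup_host() returns network order while set_legacy_value() expects host order, so a later cleanup does not drop the conversion. A regression test that adds the same address once as a dotted quad and once as a hostname, then compares the stored values, would catch a recurrence on little-endian machines.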
@@ -1557,8 +1558,10 @@ tentry_fill_value(ipfw_obj_header *oh, ipfw_obj_tentry
v->nh4 = ntohl(a4);
break;
}
- if (lookup_host(n, (struct in_addr *)&v->nh4) == 0)
+ if (lookup_host(n, &ipaddr) == 0) {
+ v->nh4 = ntohl(ipaddr.s_addr);
break;
+ }
etype = "ipv4";
break;
case IPFW_VTYPE_DSCP:
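Review bot: The host-order conversion is now written out separately at each site in this case, `v->nh4 = ntohl(a4);` in the context above and `v->nh4 = ntohl(ipaddr.s_addr);` in the added lines, plus once more in the legacy branch. Consider a small wrapper around lookup_host() that returns the address as a host-order uint32_t, so the hostname paths cannot diverge again. It is also worth checking that the failure path still behaves as intended: when lookup_host() fails, control falls through to `etype = "ipv4";` and `break;`, which the new braces preserve, but a short comment there would make the fall-through explicit.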