
Re: system/3638: Shortened Addresses in pf are dumb and prone to human error



The following reply was made to PR system/3638; it has been noted by GNATS.

From: henning_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org
To: gnats_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org
Cc:  
Subject: Re: system/3638: Shortened Addresses in pf are dumb and prone to human error
Date: Mon, 19 Jan 2004 04:55:44 +0100

 * Henning Brauer <henning_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org> [2004-01-19 04:45]:
 >  needs careful testing.
 
 better, doesn't break 1.2.3.4/0
 
 Index: pfctl_parser.c
 ===================================================================
 RCS file: /cvs/src/sbin/pfctl/pfctl_parser.c,v
 retrieving revision 1.187
 diff -u -r1.187 pfctl_parser.c
 --- pfctl_parser.c	31 Dec 2003 22:14:41 -0000	1.187
 +++ pfctl_parser.c	19 Jan 2004 03:53:24 -0000
 @@ -1326,20 +1326,27 @@
  {
  	struct node_host	*h = NULL;
  	struct in_addr		 ina;
 -	int			 bits;
 +	int			 bits = -1;
  
  	memset(&ina, 0, sizeof(struct in_addr));
 -	if ((bits = inet_net_pton(AF_INET, s, &ina, sizeof(ina))) > -1) {
 -		h = calloc(1, sizeof(struct node_host));
 -		if (h == NULL)
 -			err(1, "address: calloc");
 -		h->ifname = NULL;
 -		h->af = AF_INET;
 -		h->addr.v.a.addr.addr32[0] = ina.s_addr;
 -		set_ipmask(h, bits);
 -		h->next = NULL;
 -		h->tail = h;
 +	if (strrchr(s, '/') != NULL) {
 +		if ((bits = inet_net_pton(AF_INET, s, &ina, sizeof(ina))) == -1)
 +			return (NULL);
 +	} else {
 +		if (inet_pton(AF_INET, s, &ina) != 1)
 +			return (NULL);
  	}
 +
 +	h = calloc(1, sizeof(struct node_host));
 +	if (h == NULL)
 +		err(1, "address: calloc");
 +	h->ifname = NULL;
 +	h->af = AF_INET;
 +	h->addr.v.a.addr.addr32[0] = ina.s_addr;
 +	if (bits != -1)
 +		set_ipmask(h, bits);
 +	h->next = NULL;
 +	h->tail = h;
  
  	return (h);
  }
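Review bot: On the branch without a '/', `bits` stays -1, so `set_ipmask()` is skipped and the mask of the freshly calloc'd `node_host` stays all zeroes. Unless a caller outside this hunk fills the mask in afterwards, a bare host address would be stored with an effective /0 mask rather than /32, which in a filter rule would likely widen the match instead of failing closed. Initialising `int bits = 32;` and calling `set_ipmask(h, bits);` unconditionally makes the host case explicit and still leaves an explicit `/0` working. The function begins above the hunk, so its signature and callers cannot be checked here.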


