ipfw(8): Fix endianness for Legacy and Ipv4 table hostname values

The lookup_host() helper subroutine emits a struct in_addr value in network byte order via caller passed pointer. However, the table value is expected to be stored in host byte order. On little-endian machines, this produced a reversed endian table value for Legacy or IPv4 table types when the value was a hostname (instead of a plain IP address). Fix by using ntohl() on the output 32-bit address. While here, avoid some aliasing violations by storing the lookup_host() output in an intermediate object of the correct type. PR: 226429 Reported by: bugs.freebsd.org AT mx.zzux.com (also: Tested by) Security: ipfw hostname table rules could potentially not act as admin intended Sponsored by: Dell EMC Isilon
svn path=/head/; revision=330665
2018-03-08 17:23:18 +00:00 · 2018-03-08 17:23:18 +00:00 · 4e0a8b6105 · 2020-12-20 02:59:44 +00:00
commit 4e0a8b6105
parent bde3b1e1a5
1 changed files with 6 additions and 3 deletions
--- a/sbin/ipfw/tables.c
+++ b/sbin/ipfw/tables.c
@ -1471,6 +1471,7 @@ tentry_fill_value(ipfw_obj_header *oh, ipfw_obj_tentry *tent, char *arg,
 	uint32_t i;
 	int dval;
 	char *comma, *e, *etype, *n, *p;
+	struct in_addr ipaddr;

 	v = &tent->v.value;

@ -1487,8 +1488,8 @@ tentry_fill_value(ipfw_obj_header *oh, ipfw_obj_tentry *tent, char *arg,
 			return;
 		}
 		/* Try hostname */
-		if (lookup_host(arg, (struct in_addr *)&val) == 0) {
-			set_legacy_value(val, v);
+		if (lookup_host(arg, &ipaddr) == 0) {
+			set_legacy_value(ntohl(ipaddr.s_addr), v);
 			return;
 		}
 		errx(EX_OSERR, "Unable to parse value %s", arg);
@ -1557,8 +1558,10 @@ tentry_fill_value(ipfw_obj_header *oh, ipfw_obj_tentry *tent, char *arg,
 				v->nh4 = ntohl(a4);
 				break;
 			}
-			if (lookup_host(n, (struct in_addr *)&v->nh4) == 0)
+			if (lookup_host(n, &ipaddr) == 0) {
+				v->nh4 = ntohl(ipaddr.s_addr);
 				break;
+			}
 			etype = "ipv4";
 			break;
 		case IPFW_VTYPE_DSCP: