From 980ccceb94452d5700cbe5b129185576f19b135a Mon Sep 17 00:00:00 2001
From: "Andrey V. Elsukov" <ae@FreeBSD.org>
Date: Tue, 14 Jun 2011 13:02:26 +0000
Subject: [PATCH] Check nat id a bit more strictly.

---
 sbin/ipfw/nat.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/sbin/ipfw/nat.c b/sbin/ipfw/nat.c
index 0331d3836598..e91c6ec29161 100644
--- a/sbin/ipfw/nat.c
+++ b/sbin/ipfw/nat.c
@@ -721,16 +721,18 @@ ipfw_config_nat(int ac, char **av)
 {
 	struct cfg_nat *n;		/* Nat instance configuration. */
 	int i, off, tok, ac1;
-	char *id, *buf, **av1;
+	char *id, *buf, **av1, *end;
 	size_t len;
 
 	av++; ac--;
 	/* Nat id. */
-	if (ac && isdigit(**av)) {
-		id = *av;
-		ac--; av++;
-	} else
+	if (ac == 0)
 		errx(EX_DATAERR, "missing nat id");
+	id = *av;
+	i = (int)strtol(id, &end, 0);
+	if (i <= 0 || *end != '\0')
+		errx(EX_DATAERR, "illegal nat id: %s", id);
+	av++; ac--;
 	if (ac == 0)
 		errx(EX_DATAERR, "missing option");
 
@@ -787,7 +789,6 @@ ipfw_config_nat(int ac, char **av)
 	off = sizeof(*n);
 	memset(buf, 0, len);
 	n = (struct cfg_nat *)buf;
-	i = atoi(id);
 	n->id = i;
 
 	while (ac > 0) {