From c2221c35363ef26790d2b66d1ba7ab7dd0e94956 Mon Sep 17 00:00:00 2001
From: Max Laier <mlaier@FreeBSD.org>
Date: Sun, 7 Jan 2007 03:02:02 +0000
Subject: [PATCH] Fix a parsing bug when specifying more than one address with
 dotted decimal netmask.

Reported by:	Igor Anishchuk
PR:		kern/107565
MFC after:	3 days
---
 sbin/ipfw/ipfw2.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/sbin/ipfw/ipfw2.c b/sbin/ipfw/ipfw2.c
index 35c579c3ab8e..cd640d2264ae 100644
--- a/sbin/ipfw/ipfw2.c
+++ b/sbin/ipfw/ipfw2.c
@@ -2763,13 +2763,17 @@ fill_ip(ipfw_insn_ip *cmd, char *av)
 	 * ',' indicating another address follows, '{' indicating a
 	 * set of addresses of unspecified size.
 	 */
-	char *p = strpbrk(av, "/:,{");
+	char *t = NULL, *p = strpbrk(av, "/:,{");
 	int masklen;
-	char md;
+	char md, nd;
 
 	if (p) {
 		md = *p;
 		*p++ = '\0';
+		if ((t = strpbrk(p, ",{")) != NULL) {
+			nd = *t;
+			*t = '\0';
+		}
 	} else
 		md = '\0';
 
@@ -2803,6 +2807,8 @@ fill_ip(ipfw_insn_ip *cmd, char *av)
 		break;
 	}
 	d[0] &= d[1];		/* mask base address with mask */
+	if (t)
+		*t = nd;
 	/* find next separator */
 	if (p)
 		p = strpbrk(p, ",{");