sbin/ipfw: Fix parsing error in table based forward

The argument parser does not recognise the optional port for an
"tablearg" argument.  Fix simplifies the code by make the internal
representation expicit for the parser.

PR:		252744
MFC:		1 week
Reported by:	<bugs.freebsd.org@mx.zzux.com>
Approved by:	nc
Tested by:	<bugs.freebsd.org@mx.zzux.com>
Differential Revision: https://reviews.freebsd.org/D30164
This commit is contained in:
Lutz Donnerhacke 2021-05-07 20:59:34 +02:00
parent 9146c6240d
commit 6cb13813ca

View File

@ -4021,57 +4021,54 @@ compile_rule(char *av[], uint32_t *rbuf, int *rbufsize, struct tidx *tstate)
NEED1("missing forward address[:port]"); NEED1("missing forward address[:port]");
if (_substrcmp(*av, "tablearg") == 0) { if (strncmp(*av, "tablearg", 8) == 0)
family = PF_INET; memcpy(++(*av), "0.0.0.0", 7);
((struct sockaddr_in*)&result)->sin_addr.s_addr =
INADDR_ANY;
} else {
/*
* Are we an bracket-enclosed IPv6 address?
*/
if (strchr(*av, '['))
(*av)++;
/* /*
* locate the address-port separator (':' or ',') * Are we an bracket-enclosed IPv6 address?
*/ */
s = strchr(*av, ','); if (strchr(*av, '['))
if (s == NULL) { (*av)++;
s = strchr(*av, ']');
/* Prevent erroneous parsing on brackets. */
if (s != NULL)
*(s++) = '\0';
else
s = *av;
/* Distinguish between IPv4:port and IPv6 cases. */ /*
s = strchr(s, ':'); * locate the address-port separator (':' or ',')
if (s && strchr(s+1, ':')) */
s = NULL; /* no port */ s = strchr(*av, ',');
} if (s == NULL) {
s = strchr(*av, ']');
if (s != NULL) { /* Prevent erroneous parsing on brackets. */
/* Terminate host portion and set s to start of port. */ if (s != NULL)
*(s++) = '\0'; *(s++) = '\0';
i = strtoport(s, &end, 0 /* base */, 0 /* proto */); else
if (s == end) s = *av;
errx(EX_DATAERR,
"illegal forwarding port ``%s''", s);
port_number = (u_short)i;
}
/* /* Distinguish between IPv4:port and IPv6 cases. */
* Resolve the host name or address to a family and a s = strchr(s, ':');
* network representation of the address. if (s && strchr(s+1, ':'))
*/ s = NULL; /* no port */
if (getaddrinfo(*av, NULL, NULL, &res))
errx(EX_DATAERR, NULL);
/* Just use the first host in the answer. */
family = res->ai_family;
memcpy(&result, res->ai_addr, res->ai_addrlen);
freeaddrinfo(res);
} }
if (s != NULL) {
/* Terminate host portion and set s to start of port. */
*(s++) = '\0';
i = strtoport(s, &end, 0 /* base */, 0 /* proto */);
if (s == end)
errx(EX_DATAERR,
"illegal forwarding port ``%s''", s);
port_number = (u_short)i;
}
/*
* Resolve the host name or address to a family and a
* network representation of the address.
*/
if (getaddrinfo(*av, NULL, NULL, &res))
errx(EX_DATAERR, NULL);
/* Just use the first host in the answer. */
family = res->ai_family;
memcpy(&result, res->ai_addr, res->ai_addrlen);
freeaddrinfo(res);
if (family == PF_INET) { if (family == PF_INET) {
ipfw_insn_sa *p = (ipfw_insn_sa *)action; ipfw_insn_sa *p = (ipfw_insn_sa *)action;