Re: system/3638: Shortened Addresses in pf are dumb and prone to human error
The following reply was made to PR system/3638; it has been noted by GNATS.
From: Henning Brauer <henning@cvs.openbsd.org>
To: beck@bofh.cns.ualberta.ca
Cc: gnats@openbsd.org
Subject: Re: system/3638: Shortened Addresses in pf are dumb and prone to human error
Date: Mon, 19 Jan 2004 04:30:08 +0100
needs careful testing.
Index: pfctl_parser.c
===================================================================
RCS file: /cvs/src/sbin/pfctl/pfctl_parser.c,v
retrieving revision 1.187
diff -u -r1.187 pfctl_parser.c
--- pfctl_parser.c 31 Dec 2003 22:14:41 -0000 1.187
+++ pfctl_parser.c 19 Jan 2004 03:28:49 -0000
@@ -1326,17 +1326,24 @@
{
struct node_host *h = NULL;
struct in_addr ina;
- int bits;
+ int bits = 0;
memset(&ina, 0, sizeof(struct in_addr));
- if ((bits = inet_net_pton(AF_INET, s, &ina, sizeof(ina))) > -1) {
+ if (strrchr(s, '/') != NULL)
+ bits = inet_net_pton(AF_INET, s, &ina, sizeof(ina));
+ else
+ if (inet_pton(AF_INET, s, &ina) != 1)
+ bits = -1;
+
+ if (bits != -1) {
h = calloc(1, sizeof(struct node_host));
if (h == NULL)
err(1, "address: calloc");
h->ifname = NULL;
h->af = AF_INET;
h->addr.v.a.addr.addr32[0] = ina.s_addr;
- set_ipmask(h, bits);
+ if (bits > 0)
+ set_ipmask(h, bits);
h->next = NULL;
h->tail = h;
}
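Review bot: On the no-slash path `bits` keeps its new initial value 0, so the `if (bits > 0)` guard skips set_ipmask() and a bare host address leaves this block with the all-zero mask that calloc() produced. Unless a caller outside the hunk fills the mask in afterwards, that entry could be treated as a /0, which is a far broader match than the single host the user wrote; the 0 sentinel also makes an explicit `/0` prefix indistinguishable from "no prefix given". I would initialise `int bits = 32;` and keep the call unconditional as `set_ipmask(h, bits);`, so a bare address always ends up as a /32 and only inet_net_pton() can narrow or widen it. The function's signature and its return statement are outside the hunk, so how the caller handles the mask should be confirmed there before relying on either behaviour.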