Aren/NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Don't silently take the first element of multiple element variables.

Browse Source
This commit is contained in:
christos 2017-01-11 02:11:21 +00:00
parent 5da201fb8b
commit f07757667e
2 changed files with 16 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
usr.sbin/npf/npfctl/npf_parse.y
View File

@ -1,4 +1,4 @@
/* $NetBSD: npf_parse.y,v 1.40 2017/01/03 01:29:49 rmind Exp $ */ /* $NetBSD: npf_parse.y,v 1.41 2017/01/11 02:11:21 christos Exp $ */
/*- /*-
* Copyright (c) 2011-2017 The NetBSD Foundation, Inc. * Copyright (c) 2011-2017 The NetBSD Foundation, Inc.
@ -665,6 +665,8 @@ addr_or_ifaddr
} }
| static_ifaddrs | static_ifaddrs
{ {
if (npfvar_get_count($1) != 1)
yyerror("multiple interfaces are not supported");
ifnet_addr_t *ifna = npfvar_get_data($1, NPFVAR_INTERFACE, 0); ifnet_addr_t *ifna = npfvar_get_data($1, NPFVAR_INTERFACE, 0);
$$ = ifna->ifna_addrs; $$ = ifna->ifna_addrs;
} }
@ -765,6 +767,8 @@ tcp_flags_and_mask
} }
| FLAGS tcp_flags | FLAGS tcp_flags
{ {
if (npfvar_get_count($2) != 1)
yyerror("multiple tcpflags are not supported");
char *s = npfvar_get_data($2, NPFVAR_TCPFLAG, 0); char *s = npfvar_get_data($2, NPFVAR_TCPFLAG, 0);
npfvar_add_elements($2, npfctl_parse_tcpflag(s)); npfvar_add_elements($2, npfctl_parse_tcpflag(s));
$$ = $2; $$ = $2;
@ -804,6 +808,9 @@ ifname
$$ = npfvar_expand_string(vp); $$ = npfvar_expand_string(vp);
break; break;
case NPFVAR_INTERFACE: case NPFVAR_INTERFACE:
if (npfvar_get_count(vp) != 1)
yyerror(
"multiple interfaces are not supported");
ifna = npfvar_get_data(vp, type, 0); ifna = npfvar_get_data(vp, type, 0);
$$ = ifna->ifna_name; $$ = ifna->ifna_name;
break; break;
@ -838,6 +845,8 @@ ifref
| dynamic_ifaddrs | dynamic_ifaddrs
| static_ifaddrs | static_ifaddrs
{ {
if (npfvar_get_count($1) != 1)
yyerror("multiple interfaces are not supported");
ifnet_addr_t *ifna = npfvar_get_data($1, NPFVAR_INTERFACE, 0); ifnet_addr_t *ifna = npfvar_get_data($1, NPFVAR_INTERFACE, 0);
npfctl_note_interface(ifna->ifna_name); npfctl_note_interface(ifna->ifna_name);
$$ = ifna->ifna_name; $$ = ifna->ifna_name;

8
usr.sbin/npf/npfctl/npf_var.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: npf_var.c,v 1.9 2015/07/12 23:54:44 rmind Exp $ */ /* $NetBSD: npf_var.c,v 1.10 2017/01/11 02:11:21 christos Exp $ */
/*- /*-
* Copyright (c) 2011-2012 The NetBSD Foundation, Inc. * Copyright (c) 2011-2012 The NetBSD Foundation, Inc.
@ -30,7 +30,7 @@
*/ */
#include <sys/cdefs.h> #include <sys/cdefs.h>
__RCSID("$NetBSD: npf_var.c,v 1.9 2015/07/12 23:54:44 rmind Exp $"); __RCSID("$NetBSD: npf_var.c,v 1.10 2017/01/11 02:11:21 christos Exp $");
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
@ -188,6 +188,10 @@ npfvar_destroy(npfvar_t *vp)
char * char *
npfvar_expand_string(const npfvar_t *vp) npfvar_expand_string(const npfvar_t *vp)
{ {
if (npfvar_get_count(vp) != 1)
yyerror("variable '%s' type '%s' has %zu elements", vp->v_key,
npfvar_type(vp->v_type), npfvar_get_count(vp));
return npfvar_get_data(vp, NPFVAR_STRING, 0); return npfvar_get_data(vp, NPFVAR_STRING, 0);
} }