authorRyan Thomas McBride <mcbride@cvs.openbsd.org>2002-12-27 21:45:15 +0000
committerRyan Thomas McBride <mcbride@cvs.openbsd.org>2002-12-27 21:45:15 +0000
commit0f2aaee3bf5765755204a7204e66a03e67c18f29 (patch)
tree12cee9bb0a24c3560426d7098f282d84ea67a010
parent6468be5d29b9424086adb158f6424bdaa55b2c02 (diff)
Bugfix and better error handling:
- set rpool.cur in DIOCCHANGERULE - check to make sure rpool.list is not empty if we're doing translation or routing other than fastroute ok dhartmei@ henning@
-rw-r--r--sys/net/pf_ioctl.c23
1 files changed, 20 insertions, 3 deletions
diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c
index bf370b2ec6e..b9a236121c7 100644
--- a/sys/net/pf_ioctl.c
+++ b/sys/net/pf_ioctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_ioctl.c,v 1.32 2002/12/27 15:20:30 dhartmei Exp $ */
+/* $OpenBSD: pf_ioctl.c,v 1.33 2002/12/27 21:45:14 mcbride Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -571,11 +571,18 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
error = EINVAL;
if (pf_dynaddr_setup(&rule->dst.addr, rule->af))
error = EINVAL;
+
+ pf_mv_pool(&pf_pabuf, &rule->rpool.list);
+ if (((((rule->action == PF_NAT) || (rule->action == PF_RDR) ||
+ (rule->action == PF_BINAT)) && !rule->anchorname[0]) ||
+ (rule->rt > PF_FASTROUTE)) &&
+ (TAILQ_FIRST(&rule->rpool.list) == NULL))
+ error = EINVAL;
+
if (error) {
pf_rm_rule(NULL, rule);
break;
}
- pf_mv_pool(&pf_pabuf, &rule->rpool.list);
rule->rpool.cur = TAILQ_FIRST(&rule->rpool.list);
rule->evaluations = rule->packets = rule->bytes = 0;
TAILQ_INSERT_TAIL(ruleset->rules[rs_num].inactive.ptr,
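Review bot: Because `pf_mv_pool(&pf_pabuf, &rule->rpool.list)` now runs before the `if (error)` test, the pool entries already belong to `rule` when `pf_rm_rule(NULL, rule)` is called on the failure path. `pf_rm_rule` is not visible in this hunk, so it is worth confirming that it empties `rule->rpool.list`; if it does not, every rejected rule would leave its pool addresses allocated in kernel memory. A short comment above the move would record the intent, for example `/* move the pool first so a rejected rule takes its addresses with it */`. The heavily parenthesised condition would also benefit from a one-line comment stating that translation rules outside an anchor, and any route option above PF_FASTROUTE, require a non-empty pool. The enclosing `pfioctl` case starts and ends outside the hunk.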
@@ -766,11 +773,21 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
error = EINVAL;
if (pf_dynaddr_setup(&newrule->dst.addr, newrule->af))
error = EINVAL;
+
+ pf_mv_pool(&pf_pabuf, &newrule->rpool.list);
+ if (((((newrule->action == PF_NAT) ||
+ (newrule->action == PF_RDR) ||
+ (newrule->action == PF_BINAT) ||
+ (newrule->rt > PF_FASTROUTE)) &&
+ !newrule->anchorname[0])) &&
+ (TAILQ_FIRST(&newrule->rpool.list) == NULL))
+ error = EINVAL;
+
if (error) {
pf_rm_rule(NULL, newrule);
break;
}
- pf_mv_pool(&pf_pabuf, &newrule->rpool.list);
+ newrule->rpool.cur = TAILQ_FIRST(&newrule->rpool.list);
newrule->evaluations = newrule->packets = 0;
newrule->bytes = 0;
}
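Review bot: The empty-pool check in this hunk places `(newrule->rt > PF_FASTROUTE)` inside the group that is ANDed with `!newrule->anchorname[0]`, while the matching check in the earlier `@@ -571` hunk keeps `(rule->rt > PF_FASTROUTE)` outside the anchor exemption. As written here, a rule with `rt > PF_FASTROUTE` and a non-empty `anchorname` is accepted with an empty `rpool.list`, and the added `newrule->rpool.cur = TAILQ_FIRST(&newrule->rpool.list)` then stores NULL. The commit message ("translation or routing other than fastroute") reads like the first form, so unless the difference is deliberate the middle of the condition should become `(newrule->action == PF_BINAT)) && !newrule->anchorname[0]) ||` followed by `(newrule->rt > PF_FASTROUTE)) &&`. Whether a later consumer dereferences `rpool.cur` without a NULL check cannot be seen from this hunk, but making the two ioctl paths agree removes the question. The enclosing `pfioctl` case starts outside the hunk.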