author | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2005-01-27 15:30:36 +0000 |
---|---|---|
committer | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2005-01-27 15:30:36 +0000 |
commit | db2e8509fd98c86caac96035652519f2d162f283 (patch) | |
tree | cf2c450fd27063a3610a0829c35567d866eb39c1 | |
parent | 711496cca72868b66c8a2e3b107af235e483e5ab (diff) |
dynamic interface names must start with a letter. catches the nonsensical
"(10.1.2.3)" that results from a simple typo like "$(ext_ip)" instead of
"$(ext_if)".
-rw-r--r-- | regress/sbin/pfctl/Makefile | 4 | ||||
-rw-r--r-- | regress/sbin/pfctl/pfail49.in | 10 | ||||
-rw-r--r-- | regress/sbin/pfctl/pfail49.ok | 6 | ||||
-rw-r--r-- | sbin/pfctl/parse.y | 7 |
4 files changed, 24 insertions, 3 deletions
diff --git a/regress/sbin/pfctl/Makefile b/regress/sbin/pfctl/Makefile
index 5fa577f5569..0de313c1827 100644
--- a/regress/sbin/pfctl/Makefile
+++ b/regress/sbin/pfctl/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.184 2004/12/29 06:09:11 david Exp $
+# $OpenBSD: Makefile,v 1.185 2005/01/27 15:30:35 dhartmei Exp $
 # TARGETS
 # pf: feed pfNN.in through pfctl and check wether the output matches pfNN.ok
@@ -16,7 +16,7 @@ PFTESTS+=28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50
 PFTESTS+=51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73
 PFTESTS+=74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89
 PFFAIL=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 23 24 25 27
-PFFAIL+=28 29 30 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48
+PFFAIL+=28 29 30 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49
 PFSIMPLE=1 2
 PFSETUP=1 2 3 4
 PFLOAD=1 2 3 4 5 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 23 24 25 26 27 28 29
diff --git a/regress/sbin/pfctl/pfail49.in b/regress/sbin/pfctl/pfail49.in
new file mode 100644
index 00000000000..c5556e71f30
--- /dev/null
+++ b/regress/sbin/pfctl/pfail49.in
@@ -0,0 +1,10 @@
+# dynamic interfaces need not exist at load-time, but names must start
+# with a letter. catches common macro typo cases of ($ext_ip) vs. ($ext_if)
+
+nat on lo0 from any to any -> (lo0)
+nat on lo0 from any to any -> (lo0:0)
+nat on lo0 from any to any -> (nonexistant0)
+nat on lo0 from any to any -> (nonexistant0:0)
+nat on lo0 from any to any -> (10.1.2.3)
+nat on lo0 from any to any -> (10.1.2.3:0)
+
diff --git a/regress/sbin/pfctl/pfail49.ok b/regress/sbin/pfctl/pfail49.ok
new file mode 100644
index 00000000000..fe853162e9d
--- /dev/null
+++ b/regress/sbin/pfctl/pfail49.ok
@@ -0,0 +1,6 @@
+stdin:8: invalid interface name '10.1.2.3'
+stdin:9: invalid interface name '10.1.2.3:0'
+nat on lo0 all -> (lo0) round-robin
+nat on lo0 all -> (lo0:0)
+nat on lo0 all -> (nonexistant0) round-robin
+nat on lo0 all -> (nonexistant0:0)
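Review bot: Both rejected inputs in pfail49.in start with a digit (`(10.1.2.3)` and `(10.1.2.3:0)`), so the test pins the macro-typo case but not the rule its header comment states, that names must start with a letter. One more failing line with a non-digit, non-letter first character, for example `nat on lo0 from any to any -> (_ext0)` (a constructed name), plus its `invalid interface name` line in pfail49.ok, would tie the expected output to the check itself. Whether the lexer passes such a token to the grammar as a STRING is not visible in this diff, so the line needs confirming against parse.y before it is added.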
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index 29ee7d01825..f5fd8ac97bc 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.474 2005/01/05 18:23:10 mcbride Exp $ */
+/* $OpenBSD: parse.y,v 1.475 2005/01/27 15:30:35 dhartmei Exp $ */
 /*
 * Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -2307,6 +2307,11 @@ dynaddr : '(' STRING ')' {
 char *p, *op;
 op = $2;
+ if (!isalpha(op[0])) {
+ yyerror("invalid interface name '%s'", op);
+ free(op);
+ YYERROR;
+ }
 while ((p = strrchr($2, ':')) != NULL) {
 if (!strcmp(p+1, "network"))
 flags |= PFI_AFLAG_NETWORK; |
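Review bot: `isalpha(op[0])` in the added check receives a plain `char`; where `char` is signed, a ruleset byte above 0x7f makes the argument negative, which is undefined behaviour for the `<ctype.h>` classification functions. The guard should convert first: `if (!isalpha((unsigned char)op[0])) {`. The error path frees `op` before `YYERROR`, which is consistent with `op = $2` just above it, but the dynaddr action begins and ends outside this hunk, so whether anything else still refers to `$2` at that point cannot be confirmed from here.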