summaryrefslogtreecommitdiff
path: root/sbin/pfctl/parse.y
diff options
context:
space:
mode:
authorRyan Thomas McBride <mcbride@cvs.openbsd.org>2010-07-03 02:28:58 +0000
committerRyan Thomas McBride <mcbride@cvs.openbsd.org>2010-07-03 02:28:58 +0000
commit6c2dd32f93b7a96d6e8d75a400f96f5722409563 (patch)
tree889d12fd5a7dd1b522acf794335588607624a0da /sbin/pfctl/parse.y
parentf8ceffca4a3004ff92d5dadb0907b715c0dc43d1 (diff)
Fix a couple of problems with printing of anchors, in particular recursive
printing, both of inline anchors and when requested explicitly with a '*' in the anchor. - Correct recursive printing of wildcard anchors (recurse into child anchors rather than rules, which don't exist) - Print multi-part anchor paths correctly (pr6065) - Fix comments and prevent users from specifying multi-component names for inline anchors. tested by phessler ok henning
Diffstat (limited to 'sbin/pfctl/parse.y')
-rw-r--r--sbin/pfctl/parse.y18
1 files changed, 15 insertions, 3 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index 8f92e2f265b..8dbdfded120 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.589 2010/03/23 13:31:29 henning Exp $ */
+/* $OpenBSD: parse.y,v 1.590 2010/07/03 02:28:57 mcbride Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -769,7 +769,12 @@ pfa_anchor : '{'
pf->bn++;
pf->brace = 1;
- /* create a holding ruleset in the root */
+ /*
+ * Anchor contents are parsed before the anchor rule
+ * production completes, so we don't know the real
+ * location yet. Create a holding ruleset in the root;
+ * contents will be moved afterwards.
+ */
snprintf(ta, PF_ANCHOR_NAME_SIZE, "_%d", pf->bn);
rs = pf_find_or_create_ruleset(ta);
if (rs == NULL)
@@ -806,7 +811,14 @@ anchorrule : ANCHOR anchorname dir quick interface af proto fromto
memset(&r, 0, sizeof(r));
if (pf->astack[pf->asd + 1]) {
- /* move inline rules into relative location */
+ if ($2 && strchr($2, '/') != NULL) {
+ free($2);
+ yyerror("anchor paths containing '/' "
+ "cannot be used for inline anchors.");
+ YYERROR;
+ }
+
+ /* Move inline rules into relative location. */
pf_anchor_setup(&r,
&pf->astack[pf->asd]->ruleset,
$2 ? $2 : pf->alast->name);