diff options
| author | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2006-10-31 07:02:36 +0000 |
|---|---|---|
| committer | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2006-10-31 07:02:36 +0000 |
| commit | 00155d94c95911dc2baedcfe0b620e67115781eb (patch) | |
| tree | d7c6ecfc6d70265f2b184b63f7f0db29bf54e2fe /sbin/pfctl/parse.y | |
| parent | 449abfd1cae84d644c099f6c5514781657922b58 (diff) | |
- don't allow anchors with _* names to be cleared or loaded from the
command line (but they can still be viewed)
- don't allow users to specify _* as an anchor name in the ruleset
- don't print _* anchor names with pfctl -sA unless -v is specified
'looks sensible' deraadt@
Diffstat (limited to 'sbin/pfctl/parse.y')
| -rw-r--r-- | sbin/pfctl/parse.y | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y index 128e87a6fa9..454bd58e80f 100644 --- a/sbin/pfctl/parse.y +++ b/sbin/pfctl/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.513 2006/10/28 14:29:05 mcbride Exp $ */ +/* $OpenBSD: parse.y,v 1.514 2006/10/31 07:02:35 mcbride Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -672,6 +672,13 @@ anchorrule : ANCHOR anchorname dir quick interface af proto fromto YYERROR; } + if ($2 && ($2[0] == '_' || strstr($2, "/_") != NULL)) { + free($2); + yyerror("anchor names beginning with '_' " + "are reserved for internal use"); + YYERROR; + } + memset(&r, 0, sizeof(r)); if (pf->astack[pf->asd + 1]) { if ($2) { |