summaryrefslogtreecommitdiff
path: root/sbin/pfctl
diff options
context:
space:
mode:
authorHenning Brauer <henning@cvs.openbsd.org>2004-02-03 19:29:51 +0000
committerHenning Brauer <henning@cvs.openbsd.org>2004-02-03 19:29:51 +0000
commit03da1de98b14f9d54e5227b966599e0ad30b053f (patch)
tree9a320154428193f1c0d082beb400e24ea3bff9b6 /sbin/pfctl
parent1af6e56a36ae947410dc615116a1e8de6434b001 (diff)
fix PR 3664 / jared r r spiegel
we need to save the unexpanded tag/tagged strings before entering the expansion loop, and at each loop, start with the unexpanded tag, so that on subsequent loops the macros are replaced with current values and not the values from previous loop persist ryan theo ok
Diffstat (limited to 'sbin/pfctl')
-rw-r--r--sbin/pfctl/parse.y15
1 files changed, 14 insertions, 1 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index f5590f3fb52..ceb3e7e837c 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.436 2004/01/05 22:04:24 henning Exp $ */
+/* $OpenBSD: parse.y,v 1.437 2004/02/03 19:29:50 henning Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -3948,12 +3948,19 @@ expand_rule(struct pf_rule *r,
int added = 0, error = 0;
char ifname[IF_NAMESIZE];
char label[PF_RULE_LABEL_SIZE];
+ char tagname[PF_TAG_NAME_SIZE];
+ char match_tagname[PF_TAG_NAME_SIZE];
struct pf_pooladdr *pa;
struct node_host *h;
u_int8_t flags, flagset;
if (strlcpy(label, r->label, sizeof(label)) >= sizeof(label))
errx(1, "expand_rule: strlcpy");
+ if (strlcpy(tagname, r->tagname, sizeof(tagname)) >= sizeof(tagname))
+ errx(1, "expand_rule: strlcpy");
+ if (strlcpy(match_tagname, r->match_tagname, sizeof(match_tagname)) >=
+ sizeof(match_tagname))
+ errx(1, "expand_rule: strlcpy");
flags = r->flags;
flagset = r->flagset;
@@ -3996,6 +4003,12 @@ expand_rule(struct pf_rule *r,
if (strlcpy(r->label, label, sizeof(r->label)) >=
sizeof(r->label))
errx(1, "expand_rule: strlcpy");
+ if (strlcpy(r->tagname, tagname, sizeof(r->tagname)) >=
+ sizeof(r->tagname))
+ errx(1, "expand_rule: strlcpy");
+ if (strlcpy(r->match_tagname, match_tagname,
+ sizeof(r->match_tagname)) >= sizeof(r->match_tagname))
+ errx(1, "expand_rule: strlcpy");
expand_label(r->label, PF_RULE_LABEL_SIZE, r->ifname, r->af,
src_host, src_port, dst_host, dst_port, proto->proto);
expand_label(r->tagname, PF_TAG_NAME_SIZE, r->ifname, r->af,