From 5874f8c6b66921879547d69961b820ac4d1bcb4c Mon Sep 17 00:00:00 2001
From: kn
Date: Sun, 10 Feb 2019 15:05:18 +0000
Subject: Anchor names must not be empty

The parser would allow bogus input and sometimes even produce invalid rules on empty anchor names, so error out immediately.
OK sashan
---
 sbin/pfctl/parse.y | 7 ++++++-
 sbin/pfctl/pfctl.c | 4 +++-
 2 files changed, 9 insertions(+), 2 deletions(-)
(limited to 'sbin')
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index 5123dbb10bf..446f515fe16 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.691 2019/02/10 14:55:58 kn Exp $ */
+/* $OpenBSD: parse.y,v 1.692 2019/02/10 15:05:17 kn Exp $ */
 /*
 * Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -810,6 +810,11 @@ varset : STRING '=' varstring {
 ;
 anchorname : STRING {
+ if ($1[0] == '\0') {
+ free($1);
+ yyerror("anchor name must not be empty");
+ YYERROR;
+ }
 if (strlen(pf->anchor->path) + 1 + strlen($1) >= PATH_MAX) {
 free($1);
diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index 25e40eb94b5..505ba3409e7 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl.c,v 1.369 2019/01/29 10:58:31 kn Exp $ */
+/* $OpenBSD: pfctl.c,v 1.370 2019/02/10 15:05:17 kn Exp $ */
 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -2441,6 +2441,8 @@ main(int argc, char *argv[])
 memset(anchorname, 0, sizeof(anchorname));
 if (anchoropt != NULL) {
+ if (anchoropt[0] == '\0')
+ errx(1, "anchor name must not be empty");
 if (mode == O_RDONLY && showopt == NULL && tblcmdopt == NULL) {
 warnx("anchors apply to -f, -F, -s, and -T only");
 usage();
--
cgit v1.2.3
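Review bot: The empty-name rule is now enforced in two unrelated places, here in the `anchorname` production of sbin/pfctl/parse.y and again on the `-a` argument in the second sbin/pfctl/pfctl.c hunk, with identical message text but nothing in the code tying the two together. A short comment above the new `if ($1[0] == '\0')` would keep them from drifting when one side is tightened later, for example `/* also enforced for -a in pfctl.c main() */`. The guard also looks only at the first byte, so it rejects the zero-length string and nothing else. Whether the rest of the production covers names with empty path components cannot be seen, because the production continues past the end of the hunk.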
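Review bot: The new `anchoropt[0] == '\0'` check in sbin/pfctl/pfctl.c has no comment saying why an empty `-a` value is fatal rather than ignored, and that reason is what an operator most needs to know. I believe pf treats the empty anchor path as the main ruleset (worth confirming), in which case a script that expands an unset variable into `-a ""` would previously have acted on the main ruleset instead of a sub-anchor. If that is the intent, state it above the check, e.g. `/* -a "" would name the main ruleset; refuse rather than act on it */`. main() begins and continues outside this hunk, so how anchoropt is processed afterwards is not visible here.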