The branch stable/12 has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=8ac3a178534344d8b3b0295b831cab763d466c19
commit 8ac3a178534344d8b3b0295b831cab763d466c19 Author: Kristof Provost <[email protected]> AuthorDate: 2022-01-05 20:31:02 +0000 Commit: Kristof Provost <[email protected]> CommitDate: 2022-02-18 10:15:31 +0000 pfctl: improve error reporting for routehost If an invalid (i.e. overly long) interface name is specified error out immediately, rather than in expand_rule() so we point at the incorrect line. PR: 260958 MFC after: 3 weeks Differential Revision: https://reviews.freebsd.org/D34008 (cherry picked from commit e68de6694381748b7578703b22580c0f17780b32) --- sbin/pfctl/parse.y | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y index f06462bda864..1a39e3b2b319 100644 --- a/sbin/pfctl/parse.y +++ b/sbin/pfctl/parse.y @@ -4536,6 +4536,10 @@ route_host : STRING { $$ = calloc(1, sizeof(struct node_host)); if ($$ == NULL) err(1, "route_host: calloc"); + if (strlen($1) >= IFNAMSIZ) { + yyerror("interface name too long"); + YYERROR; + } $$->ifname = strdup($1); set_ipmask($$, 128); $$->next = NULL; @@ -4545,8 +4549,13 @@ route_host : STRING { struct node_host *n; $$ = $3; - for (n = $3; n != NULL; n = n->next) + for (n = $3; n != NULL; n = n->next) { + if (strlen($2) >= IFNAMSIZ) { + yyerror("interface name too long"); + YYERROR; + } n->ifname = strdup($2); + } } ;
