The branch main has been updated by kp:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=637d81c52d2153fabbc72e2644199176e1042ab5

commit 637d81c52d2153fabbc72e2644199176e1042ab5
Author:     Kristof Provost <k...@freebsd.org>
AuthorDate: 2024-08-29 10:02:51 +0000
Commit:     Kristof Provost <k...@freebsd.org>
CommitDate: 2024-09-16 11:48:49 +0000

    pfctl: fix incorrect optimization
    
    In the non-optimized case, an address list containing "any" (i.e. { any 10.0.0.1 })
    should be folded in the parser to any, not to 10.0.0.1.  How long this bug has
    been with us is unclear.
    ok guenther mcbride
    
    Obtained from:  OpenBSD, deraadt <dera...@openbsd.org>, e3b4bc25a0
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    Differential Revision:  https://reviews.freebsd.org/D46580
---
 sbin/pfctl/parse.y        | 14 +++++++++++---
 sbin/pfctl/pfctl_parser.h |  2 ++
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index 0c551d2ef49f..55b5310b61e3 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -3572,11 +3572,13 @@ toipspec        : TO ipspec                     { $$ = 
$2; }
 
 host_list      : ipspec optnl                  { $$ = $1; }
                | host_list comma ipspec optnl  {
-                       if ($3 == NULL)
+                       if ($1 == NULL) {
+                               freehostlist($3);
                                $$ = $1;
-                       else if ($1 == NULL)
+                       } else if ($3 == NULL) {
+                               freehostlist($1);
                                $$ = $3;
-                       else {
+                       } else {
                                $1->tail->next = $3;
                                $1->tail = $3->tail;
                                $$ = $1;
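Review bot: Both folding branches rely on the unstated convention that a NULL host list stands for "any", and the first branch returns it through `$$ = $1` on a value that was just tested to be NULL. Writing `$$ = NULL;` in both branches, under a comment such as `/* NULL means "any"; it absorbs every other entry in the list */`, would make the intent readable without the commit message. Because the old result silently narrowed a rule to the listed address, a parser regression case for `{ any 10.0.0.1 }` would be worth adding; the diffstat shows no test change. The final `else` block closes outside the hunk.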
@@ -6270,6 +6272,12 @@ expand_skip_interface(struct node_if *interfaces)
                return (0);
 }
 
+void
+freehostlist(struct node_host *h)
+{
+       FREE_LIST(struct node_host, h);
+}
+
 #undef FREE_LIST
 #undef LOOP_THROUGH
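Review bot: freehostlist() has no comment stating its contract, and the call added in the host_list action can pass it a NULL head when both sides of the comma are "any". FREE_LIST is defined outside this hunk, so it is worth confirming that it tolerates NULL and recording that in a comment such as `/* Free every node of a host list; h may be NULL. */`. If struct node_host owns heap-allocated members, a macro that frees only the list nodes would presumably not release them; the full struct definition is not visible here.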
 
diff --git a/sbin/pfctl/pfctl_parser.h b/sbin/pfctl/pfctl_parser.h
index 6de998b34e52..550005508f40 100644
--- a/sbin/pfctl/pfctl_parser.h
+++ b/sbin/pfctl/pfctl_parser.h
@@ -137,6 +137,8 @@ struct node_host {
        struct node_host        *tail;
 };
 
+void   freehostlist(struct node_host *);
+
 struct node_mac {
        u_int8_t         mac[ETHER_ADDR_LEN];
        u_int8_t         mask[ETHER_ADDR_LEN];
