CVS commit: src/usr.sbin/npf/npfctl

Tue, 10 Jan 2017 18:11:43 -0800 

Module Name:    src
Committed By:   christos
Date:           Wed Jan 11 02:11:21 UTC 2017

Modified Files:
        src/usr.sbin/npf/npfctl: npf_parse.y npf_var.c

Log Message:
Don't silently take the first element of multiple element variables.


To generate a diff of this commit:
cvs rdiff -u -r1.40 -r1.41 src/usr.sbin/npf/npfctl/npf_parse.y
cvs rdiff -u -r1.9 -r1.10 src/usr.sbin/npf/npfctl/npf_var.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/usr.sbin/npf/npfctl/npf_parse.y
diff -u src/usr.sbin/npf/npfctl/npf_parse.y:1.40 src/usr.sbin/npf/npfctl/npf_parse.y:1.41
--- src/usr.sbin/npf/npfctl/npf_parse.y:1.40	Mon Jan  2 20:29:49 2017
+++ src/usr.sbin/npf/npfctl/npf_parse.y	Tue Jan 10 21:11:21 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: npf_parse.y,v 1.40 2017/01/03 01:29:49 rmind Exp $	*/
+/*	$NetBSD: npf_parse.y,v 1.41 2017/01/11 02:11:21 christos Exp $	*/
 
 /*-
  * Copyright (c) 2011-2017 The NetBSD Foundation, Inc.
@@ -665,6 +665,8 @@ addr_or_ifaddr
 	}
 	| static_ifaddrs
 	{
+		if (npfvar_get_count($1) != 1)
+			yyerror("multiple interfaces are not supported");
 		ifnet_addr_t *ifna = npfvar_get_data($1, NPFVAR_INTERFACE, 0);
 		$$ = ifna->ifna_addrs;
 	}
@@ -765,6 +767,8 @@ tcp_flags_and_mask
 	}
 	| FLAGS tcp_flags
 	{
+		if (npfvar_get_count($2) != 1)
+			yyerror("multiple tcpflags are not supported");
 		char *s = npfvar_get_data($2, NPFVAR_TCPFLAG, 0);
 		npfvar_add_elements($2, npfctl_parse_tcpflag(s));
 		$$ = $2;
@@ -804,6 +808,9 @@ ifname
 			$$ = npfvar_expand_string(vp);
 			break;
 		case NPFVAR_INTERFACE:
+			if (npfvar_get_count(vp) != 1)
+				yyerror(
+				    "multiple interfaces are not supported");
 			ifna = npfvar_get_data(vp, type, 0);
 			$$ = ifna->ifna_name;
 			break;
@@ -838,6 +845,8 @@ ifref
 	| dynamic_ifaddrs
 	| static_ifaddrs
 	{
+		if (npfvar_get_count($1) != 1)
+			yyerror("multiple interfaces are not supported");
 		ifnet_addr_t *ifna = npfvar_get_data($1, NPFVAR_INTERFACE, 0);
 		npfctl_note_interface(ifna->ifna_name);
 		$$ = ifna->ifna_name;

Index: src/usr.sbin/npf/npfctl/npf_var.c
diff -u src/usr.sbin/npf/npfctl/npf_var.c:1.9 src/usr.sbin/npf/npfctl/npf_var.c:1.10
--- src/usr.sbin/npf/npfctl/npf_var.c:1.9	Sun Jul 12 19:54:44 2015
+++ src/usr.sbin/npf/npfctl/npf_var.c	Tue Jan 10 21:11:21 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: npf_var.c,v 1.9 2015/07/12 23:54:44 rmind Exp $	*/
+/*	$NetBSD: npf_var.c,v 1.10 2017/01/11 02:11:21 christos Exp $	*/
 
 /*-
  * Copyright (c) 2011-2012 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: npf_var.c,v 1.9 2015/07/12 23:54:44 rmind Exp $");
+__RCSID("$NetBSD: npf_var.c,v 1.10 2017/01/11 02:11:21 christos Exp $");
 
 #include <stdlib.h>
 #include <string.h>
@@ -188,6 +188,10 @@ npfvar_destroy(npfvar_t *vp)
 char *
 npfvar_expand_string(const npfvar_t *vp)
 {
+	if (npfvar_get_count(vp) != 1)
+		yyerror("variable '%s' type '%s' has %zu elements", vp->v_key,
+		    npfvar_type(vp->v_type), npfvar_get_count(vp));
+			
 	return npfvar_get_data(vp, NPFVAR_STRING, 0);
 }

Reply via email to