CVSROOT: /cvs
Module name: src
Changes by: k...@cvs.openbsd.org 2019/03/29 20:45:14
Modified files:
sbin/pfctl : pfctl_parser.c
Log message:
Fail on invalid netmasks when filling tables
Fix a regression of revision 1.326 "Zap v4mask and v6mask in host()" which
allowed CIDR networks with more than one "/" to be loaded into tables.
I took care of this code path with regard to rules coming the ruleset
parser, which aborts earlier on such invalid specifications, but missed
`-T add 1/2/3' and the like.
Analyzed and fixed by Petr Hoffmann <petr dot hoffmann at oracle dot com>,
thanks!
OK deraadt
