At the moment ifconfig(8) sets an address of the `inet` family if no
address family is specified and some unrecognized parameter is given.
This has security and UX implications:

Because inet addresses mix with other ifconfig(8) parameters,
a misspelled parameter will be assumed to be an inet address.
Since it is possible to set an inet address from a hostname,
gethostbyname(3) will eventually look up this parameter as
an address via DNS. One may run something like
`ifconfig iwm0 wpakeysecretpassword` and `wpakeysecretpassword`
will be sent over the wire.

If a user misspells a parameter, they have to wait an undefined
amount of time for the DNS lookup to finish (the DNS server may not be
available).

This patch is to make the address family a required parameter when
setting an address.

Index: ifconfig.8
===================================================================
RCS file: /cvs/src/sbin/ifconfig/ifconfig.8,v
retrieving revision 1.288
diff -u -p -r1.288 ifconfig.8
--- ifconfig.8 14 Sep 2017 13:02:12 -0000 1.288
+++ ifconfig.8 22 Oct 2017 15:25:45 -0000
@@ -41,11 +41,13 @@
.Nm ifconfig
.Op Fl AaC
.Op Ar interface
-.Op Ar address_family
+.Oo
+.Ar address_family
.Oo
.Ar address
.Op Ar dest_address
.Oc
+.Oc
.Op Ar parameters
.Sh DESCRIPTION
The
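Review bot: The new outer .Oo/.Oc pair in the SYNOPSIS still shows address_family as optional ahead of parameters, while the ifconfig.c change in this patch exits with "invalid address family" whenever the first argument after the interface name is not a known family. The synopsis and the code should agree on whether an invocation with parameters but no address family remains valid, and the man page should say in words that a bare address without a family is no longer accepted, since the bracket nesting alone is easy to miss.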
@@ -108,8 +110,6 @@ interfaces).
.It Ar address_family
Specifies the address family
which affects interpretation of the remaining parameters.
-Since an interface can receive transmissions in differing protocols
-with different naming schemes, specifying the address family is
recommended.
The address or protocol families currently
supported are
.Dq inet
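Review bot: Deleting only the two "Since an interface can receive ..." lines leaves the sentence's last word, the context line "recommended.", dangling after "which affects interpretation of the remaining parameters." Remove that line as well, and replace the sentence with one stating that the address family must be given when an address is set, so the description matches the new behaviour.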
Index: ifconfig.c
===================================================================
RCS file: /cvs/src/sbin/ifconfig/ifconfig.c,v
retrieving revision 1.348
diff -u -p -r1.348 ifconfig.c
--- ifconfig.c 29 Aug 2017 21:10:20 -0000 1.348
+++ ifconfig.c 22 Oct 2017 15:25:46 -0000
@@ -677,14 +677,15 @@ main(int argc, char *argv[])
errx(1, "interface name '%s' too long", *argv);
argc--, argv++;
if (argc > 0) {
- for (afp = rafp = afs; rafp->af_name; rafp++)
+ for (rafp = afs; rafp->af_name; rafp++)
if (strcmp(rafp->af_name, *argv) == 0) {
afp = rafp;
argc--;
argv++;
break;
}
- rafp = afp;
+ if (!afp)
+ errx(1, "invalid address family: %s", *argv);
af = ifr.ifr_addr.sa_family = rafp->af_af;
}
if (Cflag) {
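Review bot: The added "if (!afp) errx(1, "invalid address family: %s", *argv);" sits directly inside "if (argc > 0)" and therefore fires for any first argument after the interface name that is not a family name, not only for a would-be address, which is broader than the stated goal of requiring a family when setting an address. The check also relies on afp being NULL before the loop now that "afp = rafp = afs" is gone from the initializer, and that initialization is not visible in this hunk; with argc == 0 afp is never assigned here at all, so later uses need checking. If the errx() is relaxed, note that with "rafp = afp;" removed a non-matching loop leaves rafp on the terminating entry when "rafp->af_af" is read. Consider leaving the family optional at this point and rejecting the unrecognized word at the place where it would otherwise be handed to the inet address parser when no family was given.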