Hello,
I think time has come to ask for OKs.
The updated patch is below. The issue has been found within
PF's parse.y here:
5279 } else if (c == '\\') {
5280 if ((next = lgetc(quotec)) == EOF)
5281 return (0);
5282 if (next == quotec || c == ' ' || c == '\t')
5283 c = next;
5284 else if (next == '\n') {
5285 file->lineno++;
5286 continue;
5287 } else
the if() condition at line 5282 does not make sense as it is
granted by earlier line 5279 the `c` variable holds backslash
only.
Patch below fixes change from 2007 so yylex function will
behave according to original commit message:
in the lex... even inside quotes, a \ followed by space or tab should
expand to space or tab, and a \ followed by newline should be ignored
(as a line continuation). compatible with the needs of hoststated
(which has the most strict quoted string requirements), and ifstated
(where one commonly does line continuations in strings).
The patch below updates all yylex() functions I could find:
acme-client
bgpd
dvmrpd
eigrpd
hostapd
httpd
ifstated
iked
ipsecctl
iscsictl
ldapd
ldomctl
ldpd
lpd
npppd
ntpd
ospf6d
ospfd
pfctl
rad
radiusd
relayd
ripd
smtpd
snmpd
switchd
vmd
ypldap
I did run regression tests as follows:
./regress/sbin/ipsecctl
./regress/sbin/pfctl
./regress/usr.sbin/bgpd
./regress/usr.sbin/httpd
./regress/usr.sbin/ifstated
./regress/usr.sbin/ldapd
./regress/usr.sbin/ospfd
./regress/usr.sbin/relayd
./regress/usr.sbin/snmpd
./regress/usr.sbin/switchd
./regress/usr.sbin/vmd
I could not run tests for acme-client. No issues were
found in my change.
The changed behavior of yylex() function will be shown
on pfctl.
Let pfctl load a ruleset as follows:
anchor "remo\ve\ backslash\ before\ space or tab" {
pass
}
Displaying the rules (doing 'pfctl -sr') loaded by current pfctl we get
output as follows:
anchor "remo\ve\ backslash\ before\ space or tab" all
Once the same rules get loaded by fixed pfctl the output
changes to:
anchor "remo\ve backslash before space or tab" all
thanks and
regards
sashan
--------8<---------------8<---------------8<------------------8<--------
diff --git a/sbin/iked/parse.y b/sbin/iked/parse.y
index 112049cdc6a..e3bb32d838e 100644
--- a/sbin/iked/parse.y
+++ b/sbin/iked/parse.y
@@ -1385,7 +1385,8 @@ top:
} else if (c == '\\') {
if ((next = lgetc(quotec)) == EOF)
return (0);
- if (next == quotec || c == ' ' || c == '\t')
+ if (next == quotec || next == ' ' ||
+ next == '\t')
c = next;
else if (next == '\n') {
file->lineno++;
diff --git a/sbin/ipsecctl/parse.y b/sbin/ipsecctl/parse.y
index 4b8f84704cc..cb1cb0a488b 100644
--- a/sbin/ipsecctl/parse.y
+++ b/sbin/ipsecctl/parse.y
@@ -1182,7 +1182,8 @@ top:
} else if (c == '\\') {
if ((next = lgetc(quotec)) == EOF)
return (0);
- if (next == quotec || c == ' ' || c == '\t')
+ if (next == quotec || next == ' ' ||
+ next == '\t')
c = next;
else if (next == '\n') {
file->lineno++;
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index 0791c9c01d7..69fddacd214 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -5279,7 +5279,8 @@ top:
} else if (c == '\\') {
if ((next = lgetc(quotec)) == EOF)
return (0);
- if (next == quotec || c == ' ' || c == '\t')
+ if (next == quotec || next == ' ' ||
+ next == '\t')
c = next;
else if (next == '\n') {
file->lineno++;
diff --git a/usr.sbin/acme-client/parse.y b/usr.sbin/acme-client/parse.y
index bcc8325506a..feffaaee7a0 100644
--- a/usr.sbin/acme-client/parse.y
+++ b/usr.sbin/acme-client/parse.y
@@ -604,7 +604,8 @@ top:
} else if (c == '\\') {
if ((next = lgetc(quotec)) == EOF)
return 0;
- if (next == quotec || c == ' ' || c == '\t')
+ if (next == quotec || next == ' ' ||
+ next == '\t')
c = next;
else if (next == '\n') {
file->lineno++;
diff --git a/usr.sbin/bgpd/parse.y b/usr.sbin/bgpd/parse.y
index 9e2359f31a3..4d9ccc944eb 100644
--- a/usr.sbin/bgpd/parse.y
+++ b/usr.sbin/bgpd/parse.y
@@ -3106,7 +3106,8 @@ top:
} else if (c == '\\') {
if ((next = lgetc(quotec)) == EOF)
return (0);
- if (next == quotec || c == ' ' || c == '\t')
+ if (next == quotec || next == ' ' ||
+ next == '\t')
c = next;
else if (next == '\n') {
file->lineno++;
diff --git a/usr.sbin/dvmrpd/parse.y b/usr.sbin/dvmrpd/parse.y
index 65966206072..093566222b1 100644
--- a/usr.sbin/dvmrpd/parse.y
+++ b/usr.sbin/dvmrpd/parse.y
@@ -570,7 +570,8 @@ top:
} else if (c == '\\') {
if ((next = lgetc(quotec)) == EOF)
return (0);
- if (next == quotec || c == ' ' || c == '\t')
+ if (next == quotec || next == ' ' ||
+ next == '\t')
c = next;
else if (next == '\n') {
file->lineno++;
diff --git a/usr.sbin/eigrpd/parse.y b/usr.sbin/eigrpd/parse.y
index 1bb69f092c5..07316954ce1 100644
--- a/usr.sbin/eigrpd/parse.y
+++ b/usr.sbin/eigrpd/parse.y
@@ -819,7 +819,8 @@ top:
} else if (c == '\\') {
if ((next = lgetc(quotec)) == EOF)
return (0);
- if (next == quotec || c == ' ' || c == '\t')
+ if (next == quotec || next == ' ' ||
+ next == '\t')
c = next;
else if (next == '\n') {
file->lineno++;
diff --git a/usr.sbin/hostapd/parse.y b/usr.sbin/hostapd/parse.y
index b2736493ece..7bf8f9d40c1 100644
--- a/usr.sbin/hostapd/parse.y
+++ b/usr.sbin/hostapd/parse.y
@@ -1507,7 +1507,8 @@ top:
} else if (c == '\\') {
if ((next = lgetc(quotec)) == EOF)
return (0);
- if (next == quotec || c == ' ' || c == '\t')
+ if (next == quotec || next == ' ' ||
+ next == '\t')
c = next;
else if (next == '\n') {
file->lineno++;
diff --git a/usr.sbin/httpd/parse.y b/usr.sbin/httpd/parse.y
index 4851182f5cd..72410d5ef0e 100644
--- a/usr.sbin/httpd/parse.y
+++ b/usr.sbin/httpd/parse.y
@@ -1488,7 +1488,8 @@ top:
} else if (c == '\\') {
if ((next = lgetc(quotec)) == EOF)
return (0);
- if (next == quotec || c == ' ' || c == '\t')
+ if (next == quotec || next == ' ' ||
+ next == '\t')
c = next;
else if (next == '\n') {
file->lineno++;
diff --git a/usr.sbin/ifstated/parse.y b/usr.sbin/ifstated/parse.y
index 11577a6ca11..8540a46daa8 100644
--- a/usr.sbin/ifstated/parse.y
+++ b/usr.sbin/ifstated/parse.y
@@ -564,7 +564,8 @@ top:
} else if (c == '\\') {
if ((next = lgetc(quotec)) == EOF)
return (0);
- if (next == quotec || c == ' ' || c == '\t')
+ if (next == quotec || next == ' ' ||
+ next == '\t')
c = next;
else if (next == '\n') {
file->lineno++;
diff --git a/usr.sbin/iscsictl/parse.y b/usr.sbin/iscsictl/parse.y
index e86657fa633..b646b55487d 100644
--- a/usr.sbin/iscsictl/parse.y
+++ b/usr.sbin/iscsictl/parse.y
@@ -554,7 +554,8 @@ top:
} else if (c == '\\') {
if ((next = lgetc(quotec)) == EOF)
return (0);
- if (next == quotec || c == ' ' || c == '\t')
+ if (next == quotec || next == ' ' ||
+ next == '\t')
c = next;
else if (next == '\n') {
file->lineno++;
diff --git a/usr.sbin/ldapd/parse.y b/usr.sbin/ldapd/parse.y
index e33fea03a39..f8932145833 100644
--- a/usr.sbin/ldapd/parse.y
+++ b/usr.sbin/ldapd/parse.y
@@ -649,7 +649,8 @@ top:
} else if (c == '\\') {
if ((next = lgetc(quotec)) == EOF)
return (0);
- if (next == quotec || c == ' ' || c == '\t')
+ if (next == quotec || next == ' ' ||
+ next == '\t')
c = next;
else if (next == '\n') {
file->lineno++;
diff --git a/usr.sbin/ldomctl/parse.y b/usr.sbin/ldomctl/parse.y
index 359ff9a9e81..4d12d61fb8a 100644
--- a/usr.sbin/ldomctl/parse.y
+++ b/usr.sbin/ldomctl/parse.y
@@ -400,7 +400,8 @@ yylex(void)
} else if (c == '\\') {
if ((next = lgetc(quotec)) == EOF)
return (0);
- if (next == quotec || c == ' ' || c == '\t')
+ if (next == quotec || next == ' ' ||
+ next == '\t')
c = next;
else if (next == '\n') {
file->lineno++;
diff --git a/usr.sbin/ldpd/parse.y b/usr.sbin/ldpd/parse.y
index 5197bb0c368..8df22bd11cb 100644
--- a/usr.sbin/ldpd/parse.y
+++ b/usr.sbin/ldpd/parse.y
@@ -1042,7 +1042,8 @@ yylex(void)
} else if (c == '\\') {
if ((next = lgetc(quotec)) == EOF)
return (0);
- if (next == quotec || c == ' ' || c == '\t')
+ if (next == quotec || next == ' ' ||
+ next == '\t')
c = next;
else if (next == '\n') {
file->lineno++;
diff --git a/usr.sbin/lpd/parse.y b/usr.sbin/lpd/parse.y
index 324076cb4d3..aae2aec9735 100644
--- a/usr.sbin/lpd/parse.y
+++ b/usr.sbin/lpd/parse.y
@@ -424,7 +424,8 @@ top:
} else if (c == '\\') {
if ((next = lgetc(quotec)) == EOF)
return (0);
- if (next == quotec || c == ' ' || c == '\t')
+ if (next == quotec || next == ' ' ||
+ next == '\t')
c = next;
else if (next == '\n') {
file->lineno++;
diff --git a/usr.sbin/npppd/npppd/parse.y b/usr.sbin/npppd/npppd/parse.y
index ca620782175..4d8fd78b2f9 100644
--- a/usr.sbin/npppd/npppd/parse.y
+++ b/usr.sbin/npppd/npppd/parse.y
@@ -1231,7 +1231,8 @@ yylex(void)
} else if (c == '\\') {
if ((next = lgetc(quotec)) == EOF)
return (0);
- if (next == quotec || c == ' ' || c == '\t')
+ if (next == quotec || next == ' ' ||
+ next == '\t')
c = next;
else if (next == '\n') {
file->lineno++;
diff --git a/usr.sbin/ntpd/parse.y b/usr.sbin/ntpd/parse.y
index e30926b303e..a7127b4dc06 100644
--- a/usr.sbin/ntpd/parse.y
+++ b/usr.sbin/ntpd/parse.y
@@ -635,7 +635,8 @@ yylex(void)
} else if (c == '\\') {
if ((next = lgetc(quotec)) == EOF)
return (0);
- if (next == quotec || c == ' ' || c == '\t')
+ if (next == quotec || next == ' ' ||
+ next == '\t')
c = next;
else if (next == '\n') {
file->lineno++;
diff --git a/usr.sbin/ospf6d/parse.y b/usr.sbin/ospf6d/parse.y
index 6b5ff9591a3..4ead71a441f 100644
--- a/usr.sbin/ospf6d/parse.y
+++ b/usr.sbin/ospf6d/parse.y
@@ -815,7 +815,8 @@ top:
} else if (c == '\\') {
if ((next = lgetc(quotec)) == EOF)
return (0);
- if (next == quotec || c == ' ' || c == '\t')
+ if (next == quotec || next == ' ' ||
+ next == '\t')
c = next;
else if (next == '\n') {
file->lineno++;
diff --git a/usr.sbin/ospfd/parse.y b/usr.sbin/ospfd/parse.y
index 439ce8c831b..e8b291fc6d9 100644
--- a/usr.sbin/ospfd/parse.y
+++ b/usr.sbin/ospfd/parse.y
@@ -1009,7 +1009,8 @@ top:
} else if (c == '\\') {
if ((next = lgetc(quotec)) == EOF)
return (0);
- if (next == quotec || c == ' ' || c == '\t')
+ if (next == quotec || next == ' ' ||
+ next == '\t')
c = next;
else if (next == '\n') {
file->lineno++;
diff --git a/usr.sbin/rad/parse.y b/usr.sbin/rad/parse.y
index 8aedd2a499c..83ff6bdd799 100644
--- a/usr.sbin/rad/parse.y
+++ b/usr.sbin/rad/parse.y
@@ -626,7 +626,8 @@ top:
} else if (c == '\\') {
if ((next = lgetc(quotec)) == EOF)
return (0);
- if (next == quotec || c == ' ' || c == '\t')
+ if (next == quotec || next == ' ' ||
+ next == '\t')
c = next;
else if (next == '\n') {
file->lineno++;
diff --git a/usr.sbin/radiusd/parse.y b/usr.sbin/radiusd/parse.y
index 0b4a9b99368..e6895917365 100644
--- a/usr.sbin/radiusd/parse.y
+++ b/usr.sbin/radiusd/parse.y
@@ -563,7 +563,8 @@ yylex(void)
} else if (c == '\\') {
if ((next = lgetc(quotec)) == EOF)
return (0);
- if (next == quotec || c == ' ' || c == '\t')
+ if (next == quotec || next == ' ' ||
+ next == '\t')
c = next;
else if (next == '\n') {
file->lineno++;
diff --git a/usr.sbin/relayd/parse.y b/usr.sbin/relayd/parse.y
index 06789862a91..e8af5d6562c 100644
--- a/usr.sbin/relayd/parse.y
+++ b/usr.sbin/relayd/parse.y
@@ -2518,7 +2518,8 @@ top:
} else if (c == '\\') {
if ((next = lgetc(quotec)) == EOF)
return (0);
- if (next == quotec || c == ' ' || c == '\t')
+ if (next == quotec || next == ' ' ||
+ next == '\t')
c = next;
else if (next == '\n') {
file->lineno++;
diff --git a/usr.sbin/ripd/parse.y b/usr.sbin/ripd/parse.y
index be6e1ede45c..bc78ff4d47e 100644
--- a/usr.sbin/ripd/parse.y
+++ b/usr.sbin/ripd/parse.y
@@ -595,7 +595,8 @@ top:
} else if (c == '\\') {
if ((next = lgetc(quotec)) == EOF)
return (0);
- if (next == quotec || c == ' ' || c == '\t')
+ if (next == quotec || next == ' ' ||
+ next == '\t')
c = next;
else if (next == '\n') {
file->lineno++;
diff --git a/usr.sbin/smtpd/parse.y b/usr.sbin/smtpd/parse.y
index c3177e3f058..fa00f6dc7a8 100644
--- a/usr.sbin/smtpd/parse.y
+++ b/usr.sbin/smtpd/parse.y
@@ -1852,7 +1852,8 @@ top:
} else if (c == '\\') {
if ((next = lgetc(quotec)) == EOF)
return (0);
- if (next == quotec || c == ' ' || c == '\t')
+ if (next == quotec || next == ' ' ||
+ next == '\t')
c = next;
else if (next == '\n') {
file->lineno++;
diff --git a/usr.sbin/snmpd/parse.y b/usr.sbin/snmpd/parse.y
index f9a878b7828..f50c5dfd529 100644
--- a/usr.sbin/snmpd/parse.y
+++ b/usr.sbin/snmpd/parse.y
@@ -835,7 +835,8 @@ top:
} else if (c == '\\') {
if ((next = lgetc(quotec)) == EOF)
return (0);
- if (next == quotec || c == ' ' || c == '\t')
+ if (next == quotec || next == ' ' ||
+ next == '\t')
c = next;
else if (next == '\n') {
file->lineno++;
diff --git a/usr.sbin/switchd/parse.y b/usr.sbin/switchd/parse.y
index 191e720e3a7..dc95947cc89 100644
--- a/usr.sbin/switchd/parse.y
+++ b/usr.sbin/switchd/parse.y
@@ -475,7 +475,8 @@ top:
} else if (c == '\\') {
if ((next = lgetc(quotec)) == EOF)
return (0);
- if (next == quotec || c == ' ' || c == '\t')
+ if (next == quotec || next == ' ' ||
+ next == '\t')
c = next;
else if (next == '\n') {
file->lineno++;
diff --git a/usr.sbin/vmd/parse.y b/usr.sbin/vmd/parse.y
index ef2ed38e400..4ef04e3f160 100644
--- a/usr.sbin/vmd/parse.y
+++ b/usr.sbin/vmd/parse.y
@@ -949,7 +949,8 @@ top:
} else if (c == '\\') {
if ((next = lgetc(quotec)) == EOF)
return (0);
- if (next == quotec || c == ' ' || c == '\t')
+ if (next == quotec || next == ' ' ||
+ next == '\t')
c = next;
else if (next == '\n') {
file->lineno++;
diff --git a/usr.sbin/ypldap/parse.y b/usr.sbin/ypldap/parse.y
index 6048a3586c9..a6d647021bf 100644
--- a/usr.sbin/ypldap/parse.y
+++ b/usr.sbin/ypldap/parse.y
@@ -663,7 +663,8 @@ top:
} else if (c == '\\') {
if ((next = lgetc(quotec)) == EOF)
return (0);
- if (next == quotec || c == ' ' || c == '\t')
+ if (next == quotec || next == ' ' ||
+ next == '\t')
c = next;
else if (next == '\n') {
file->lineno++;
