Author: cem
Date: Thu Mar  8 17:23:18 2018
New Revision: 330665
URL: https://svnweb.freebsd.org/changeset/base/330665

Log:
  ipfw(8): Fix endianness for Legacy and Ipv4 table hostname values
  
  The lookup_host() helper subroutine emits a struct in_addr value in network
  byte order via caller passed pointer.  However, the table value is expected
  to be stored in host byte order.  On little-endian machines, this produced a
  reversed endian table value for Legacy or IPv4 table types when the value
  was a hostname (instead of a plain IP address).
  
  Fix by using ntohl() on the output 32-bit address.
  
  While here, avoid some aliasing violations by storing the lookup_host()
  output in an intermediate object of the correct type.
  
  PR:           226429
  Reported by:  bugs.freebsd.org AT mx.zzux.com (also: Tested by)
  Security:     ipfw hostname table rules could potentially not act as admin intended
  Sponsored by: Dell EMC Isilon

Modified:
  head/sbin/ipfw/tables.c

Modified: head/sbin/ipfw/tables.c
==============================================================================
--- head/sbin/ipfw/tables.c     Thu Mar  8 17:14:16 2018        (r330664)
+++ head/sbin/ipfw/tables.c     Thu Mar  8 17:23:18 2018        (r330665)
@@ -1471,6 +1471,7 @@ tentry_fill_value(ipfw_obj_header *oh, ipfw_obj_tentry
        uint32_t i;
        int dval;
        char *comma, *e, *etype, *n, *p;
+       struct in_addr ipaddr;
 
        v = &tent->v.value;
 
@@ -1487,8 +1488,8 @@ tentry_fill_value(ipfw_obj_header *oh, ipfw_obj_tentry
                        return;
                }
                /* Try hostname */
-               if (lookup_host(arg, (struct in_addr *)&val) == 0) {
-                       set_legacy_value(val, v);
+               if (lookup_host(arg, &ipaddr) == 0) {
+                       set_legacy_value(ntohl(ipaddr.s_addr), v);
                        return;
                }
                errx(EX_OSERR, "Unable to parse value %s", arg);
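Review bot: The byte-order contract this fix relies on is not written down at the call site. Nothing near `lookup_host(arg, &ipaddr)` says that lookup_host() returns a network-order address while the table value is kept in host order, which is the assumption that was wrong before. A one-line comment above `set_legacy_value(ntohl(ipaddr.s_addr), v)`, such as `/* lookup_host() returns network byte order; table values are stored in host byte order */`, would make the conversion harder to drop in a later cleanup, and the same comment fits the `v->nh4 = ntohl(ipaddr.s_addr)` assignment in the third hunk. Because a swapped value gives a table entry that is accepted but does not act as the administrator intended, a regression test comparing a hostname-valued entry with its numeric form would also help, if the tree has a place for ipfw(8) tests. tentry_fill_value() starts and ends outside these hunks.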
@@ -1557,8 +1558,10 @@ tentry_fill_value(ipfw_obj_header *oh, ipfw_obj_tentry
                                v->nh4 = ntohl(a4);
                                break;
                        }
-                       if (lookup_host(n, (struct in_addr *)&v->nh4) == 0)
+                       if (lookup_host(n, &ipaddr) == 0) {
+                               v->nh4 = ntohl(ipaddr.s_addr);
                                break;
+                       }
                        etype = "ipv4";
                        break;
                case IPFW_VTYPE_DSCP: