diff options
author | Kristof Provost <kp@FreeBSD.org> | 2022-01-05 20:31:02 +0000 |
---|---|---|
committer | Kristof Provost <kp@FreeBSD.org> | 2022-01-27 06:36:26 +0000 |
commit | e68de6694381748b7578703b22580c0f17780b32 (patch) | |
tree | 2e88b3ff34c2f459ebd6bbb0c857cb49fb62b3a2 /sbin/pfctl/parse.y | |
parent | 6871de9363e559fef6765f0e49acc47f77544999 (diff) | |
download | src-e68de6694381748b7578703b22580c0f17780b32.tar.gz src-e68de6694381748b7578703b22580c0f17780b32.zip |
pfctl: improve error reporting for routehost
If an invalid (i.e. overly long) interface name is specified error out
immediately, rather than in expand_rule() so we point at the incorrect
line.
PR: 260958
MFC after: 3 weeks
Differential Revision: https://reviews.freebsd.org/D34008
Diffstat (limited to 'sbin/pfctl/parse.y')
-rw-r--r-- | sbin/pfctl/parse.y | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y index a21643070028..f931d1c062b9 100644 --- a/sbin/pfctl/parse.y +++ b/sbin/pfctl/parse.y @@ -4582,6 +4582,10 @@ route_host : STRING { $$ = calloc(1, sizeof(struct node_host)); if ($$ == NULL) err(1, "route_host: calloc"); + if (strlen($1) >= IFNAMSIZ) { + yyerror("interface name too long"); + YYERROR; + } $$->ifname = strdup($1); set_ipmask($$, 128); $$->next = NULL; @@ -4591,8 +4595,13 @@ route_host : STRING { struct node_host *n; $$ = $3; - for (n = $3; n != NULL; n = n->next) + for (n = $3; n != NULL; n = n->next) { + if (strlen($2) >= IFNAMSIZ) { + yyerror("interface name too long"); + YYERROR; + } n->ifname = strdup($2); + } } ; |