Date: Mon, 13 Jun 2011 00:26:43 GMT From: Dmitry <smallcms@gmail.com> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/157807: security/sshguard-ipfw fails to work with -b option Message-ID: <201106130026.p5D0Qh6Z005724@red.freebsd.org> Resent-Message-ID: <201106130030.p5D0UAhs070556@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 157807 >Category: ports >Synopsis: security/sshguard-ipfw fails to work with -b option >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon Jun 13 00:30:09 UTC 2011 >Closed-Date: >Last-Modified: >Originator: Dmitry >Release: 8.2-RELEASE >Organization: >Environment: FreeBSD oemcomp.openair 8.2-RELEASE-p1 FreeBSD 8.2-RELEASE-p1 #1: Tue May 3 00:14:15 EEST 2011 root@oemcomp.openair:/usr/obj/usr/src/sys/TELIASONERA i386 >Description: security/sshguard-ipfw fails to work with -b option. If this option is enabled, sshguard fails to work with ipfw: Assertion failed: (addresses[0] != NULL), function ipfwmod_buildblockcommand, file ipfw.c, line 291. Abort trap: 6 >How-To-Repeat: # cd /usr/ports/security/sshguard-ipfw && make install clean # /usr/local/sbin/sshguard -a 4 -b 10:/var/db/blacklist.db >Fix: http://sourceforge.net/tracker/?func=detail&aid=3252151&group_id=188282&atid=924685 /usr/ports/security/sshguard/files/patch-sshguard.c Patch attached with submission follows: --- src/sshguard.c.orig 2010-08-09 08:44:15.000000000 +0200 +++ src/sshguard.c 2011-03-28 11:42:42.000000000 +0200 @@ -566,9 +566,13 @@ /* terminate array list */ addresses[i] = NULL; /* do block addresses of this kind */ - if (fw_block_list(addresses, addrkind, service_codes) != FWALL_OK) { - sshguard_log(LOG_CRIT, "While blocking blacklisted addresses, the firewall refused to block!"); - } + if (addresses[0] == NULL) { + sshguard_log(LOG_DEBUG, "No %s addresses in loaded blacklist.", (addrkind == ADDRKIND_IPv4) ? "IPv4" : "IPv6"); + } else { + if (fw_block_list(addresses, addrkind, service_codes) != FWALL_OK) { + sshguard_log(LOG_CRIT, "While blocking blacklisted addresses, the firewall refused to block!"); + } + } } /* free temporary arrays */ free(addresses); >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201106130026.p5D0Qh6Z005724>