From owner-freebsd-bugs Tue Nov 5 5:10: 6 2002 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AEADC37B401 for ; Tue, 5 Nov 2002 05:10:03 -0800 (PST) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 22A7843E42 for ; Tue, 5 Nov 2002 05:10:02 -0800 (PST) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.6/8.12.6) with ESMTP id gA5DA1x3019542 for ; Tue, 5 Nov 2002 05:10:01 -0800 (PST) (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.6/8.12.6/Submit) id gA5DA1Wk019541; Tue, 5 Nov 2002 05:10:01 -0800 (PST) Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BB9A337B401 for ; Tue, 5 Nov 2002 05:09:34 -0800 (PST) Received: from mail.nsu.ru (mx.nsu.ru [193.124.215.71]) by mx1.FreeBSD.org (Postfix) with ESMTP id 584A643E4A for ; Tue, 5 Nov 2002 05:09:33 -0800 (PST) (envelope-from danfe@regency.nsu.ru) Received: from drweb by mail.nsu.ru with drweb-scanned (Exim 3.20 #1) id 1893SH-0003RT-00 for FreeBSD-gnats-submit@freebsd.org; Tue, 05 Nov 2002 19:09:17 +0600 Received: from regency.nsu.ru ([193.124.210.26]) by mail.nsu.ru with esmtp (Exim 3.20 #1) id 1893Rx-0003M3-00 for FreeBSD-gnats-submit@freebsd.org; Tue, 05 Nov 2002 19:08:57 +0600 Received: from regency.nsu.ru (localhost [127.0.0.1]) by regency.nsu.ru (8.12.6/8.12.6) with ESMTP id gA5D9G1I004156 for ; Tue, 5 Nov 2002 19:09:16 +0600 (NOVT) (envelope-from danfe@regency.nsu.ru) Received: (from danfe@localhost) by regency.nsu.ru (8.12.6/8.12.6/Submit) id gA5D9Gq9004104; Tue, 5 Nov 2002 19:09:16 +0600 (NOVT) Message-Id: <200211051309.gA5D9Gq9004104@regency.nsu.ru> Date: Tue, 5 Nov 2002 19:09:16 +0600 (NOVT) From: Alexey Dokuchaev Reply-To: Alexey Dokuchaev To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Subject: bin/44929: Uid/gid handling code in IPFW2 userland (/sbin/ipfw) is broken Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >Number: 44929 >Category: bin >Synopsis: Uid/gid handling code in IPFW2 userland (/sbin/ipfw) is broken >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Nov 05 05:10:01 PST 2002 >Closed-Date: >Last-Modified: >Originator: Alexey Dokuchaev >Release: FreeBSD 4.7-STABLE i386 >Organization: CNIT >Environment: System: FreeBSD regency.nsu.ru 4.7-STABLE FreeBSD 4.7-STABLE #4: Tue Oct 29 20:17:48 NOVT 2002 root@regency.nsu.ru:/usr/src/sys/compile/REGENCY i386 >Description: IPFW2 rule parser (both in -STABLE and -CURRENT) does not correctly handle uid/gid specifiers: ipfw add deny all from x.y.z.t to any uid jack ipfw add deny all from x.y.z.t to any uid mary will yield: ?ab00 0 0 deny ip from x.y.z.t to any uid root ?ac00 0 0 deny ip from x.y.z.t to any uid root See above. >How-To-Repeat: >Fix: This fix also brings IPFW2 code in question in sync with old IPFW (which does behave correctly), not to mention it corrects the described bug. Though this diff is against -STABLE, I think it is pretty clear how to apply it to -CURRENT. --- ipfw2.c.orig Tue Oct 29 10:19:15 2002 +++ ipfw2.c Tue Oct 29 10:33:55 2002 @@ -2937,7 +2937,7 @@ pwd = (*end == '\0') ? getpwuid(uid) : getpwnam(*av); if (pwd == NULL) errx(EX_DATAERR, "uid \"%s\" nonexistent", *av); - cmd32->d[0] = uid; + cmd32->d[0] = pwd->pw_uid; cmd->len = F_INSN_SIZE(ipfw_insn_u32); ac--; av++; } @@ -2956,7 +2956,7 @@ if (grp == NULL) errx(EX_DATAERR, "gid \"%s\" nonexistent", *av); - cmd32->d[0] = gid; + cmd32->d[0] = grp->gr_gid; cmd->len = F_INSN_SIZE(ipfw_insn_u32); ac--; av++; } >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message