Date: Tue, 10 May 2005 10:00:58 -0700 From: Jon Simola <jsimola@gmail.com> To: freebsd-ipfw@freebsd.org Subject: Re: kern/73276: ipfw2 vulnerability (parser error) Message-ID: <8eea04080505101000d1180ce@mail.gmail.com> In-Reply-To: <200505101350.j4ADonjj053834@freefall.freebsd.org> References: <200505101350.j4ADonjj053834@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 5/10/05, Tilman Linneweh <arved@freebsd.org> wrote: > Synopsis: ipfw2 vulnerability (parser error) >=20 > Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw > Responsible-Changed-By: arved > Responsible-Changed-When: Tue May 10 13:50:30 GMT 2005 > Responsible-Changed-Why: > Over to ipfw mailinglist >=20 > http://www.freebsd.org/cgi/query-pr.cgi?pr=3D73276 More accurately, anything after the closing '}' is ignored by the parser. I'm pretty sure this fixes that. --- ipfw2.c.orig Tue May 10 08:45:12 2005 +++ ipfw2.c Tue May 10 09:53:08 2005 @@ -2088,8 +2088,11 @@ i =3D -1; if (*s =3D=3D '-') i =3D a; - else if (*s =3D=3D '}') + else if (*s =3D=3D '}') { + if (strlen(s) > 1) + errx(EX_DATAERR, "trailing garbage after '}= '"); break; + } av =3D s+1; } return; --=20 Jon Simola Systems Administrator ABC Communications
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8eea04080505101000d1180ce>