Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 8 Mar 2018 17:23:19 +0000 (UTC)
From:      Conrad Meyer <cem@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r330665 - head/sbin/ipfw
Message-ID:  <201803081723.w28HNJYP062180@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: cem
Date: Thu Mar  8 17:23:18 2018
New Revision: 330665
URL: https://svnweb.freebsd.org/changeset/base/330665

Log:
  ipfw(8): Fix endianness for Legacy and Ipv4 table hostname values
  
  The lookup_host() helper subroutine emits a struct in_addr value in network
  byte order via caller passed pointer.  However, the table value is expected
  to be stored in host byte order.  On little-endian machines, this produced a
  reversed endian table value for Legacy or IPv4 table types when the value
  was a hostname (instead of a plain IP address).
  
  Fix by using ntohl() on the output 32-bit address.
  
  While here, avoid some aliasing violations by storing the lookup_host()
  output in an intermediate object of the correct type.
  
  PR:		226429
  Reported by:	bugs.freebsd.org AT mx.zzux.com (also: Tested by)
  Security:	ipfw hostname table rules could potentially not act as admin intended
  Sponsored by:	Dell EMC Isilon

Modified:
  head/sbin/ipfw/tables.c

Modified: head/sbin/ipfw/tables.c
==============================================================================
--- head/sbin/ipfw/tables.c	Thu Mar  8 17:14:16 2018	(r330664)
+++ head/sbin/ipfw/tables.c	Thu Mar  8 17:23:18 2018	(r330665)
@@ -1471,6 +1471,7 @@ tentry_fill_value(ipfw_obj_header *oh, ipfw_obj_tentry
 	uint32_t i;
 	int dval;
 	char *comma, *e, *etype, *n, *p;
+	struct in_addr ipaddr;
 
 	v = &tent->v.value;
 
@@ -1487,8 +1488,8 @@ tentry_fill_value(ipfw_obj_header *oh, ipfw_obj_tentry
 			return;
 		}
 		/* Try hostname */
-		if (lookup_host(arg, (struct in_addr *)&val) == 0) {
-			set_legacy_value(val, v);
+		if (lookup_host(arg, &ipaddr) == 0) {
+			set_legacy_value(ntohl(ipaddr.s_addr), v);
 			return;
 		}
 		errx(EX_OSERR, "Unable to parse value %s", arg);
@@ -1557,8 +1558,10 @@ tentry_fill_value(ipfw_obj_header *oh, ipfw_obj_tentry
 				v->nh4 = ntohl(a4);
 				break;
 			}
-			if (lookup_host(n, (struct in_addr *)&v->nh4) == 0)
+			if (lookup_host(n, &ipaddr) == 0) {
+				v->nh4 = ntohl(ipaddr.s_addr);
 				break;
+			}
 			etype = "ipv4";
 			break;
 		case IPFW_VTYPE_DSCP:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201803081723.w28HNJYP062180>