From owner-freebsd-net@FreeBSD.ORG  Sat Dec 13 10:47:10 2003
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 9828916A4CE; Sat, 13 Dec 2003 10:47:10 -0800 (PST)
Received: from relay.macomnet.ru (relay.macomnet.ru [195.128.64.10])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id F059743D35; Sat, 13 Dec 2003 10:47:08 -0800 (PST)
	(envelope-from maxim@macomnet.ru)
Received: from news1.macomnet.ru (7yqi3ke0@news1.macomnet.ru [195.128.64.14])
	by relay.macomnet.ru (8.12.10/8.12.10) with ESMTP id hBDIl7kQ27291005;
	Sat, 13 Dec 2003 21:47:07 +0300 (MSK)
Date: Sat, 13 Dec 2003 21:47:07 +0300 (MSK)
From: Maxim Konovalov <maxim@macomnet.ru>
To: Nate Grey <NateBSD@yahoo.it>
In-Reply-To: <200312131149.44582.NateBSD@yahoo.it>
Message-ID: <20031213214424.E42015@news1.macomnet.ru>
References: <200312131149.44582.NateBSD@yahoo.it>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: luigi@freebsd.org
cc: net@freebsd.org
Subject: Re: Fwd: 5.2-RC + ipfw
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 13 Dec 2003 18:47:10 -0000

[ CC: Luigi ]

On Sat, 13 Dec 2003, 11:49-0000, Nate Grey wrote:

> Hello,
>
> on 5.2-RC I get this error from ipfw:
>
>  ipfw in free(): error: modified (chunk -) pointer
>  Aboirt trap (core dumped)
>
> examining my firewall script I noticed that error occurs when ipfw try to
> load this rules
>
> fwcmd="/sbin/ipfw -q/"
> ${fwcmd} add 310 set 1 deny ip from $bad_guys to any in recv ep0
> ${fwcmd} add 310 set 2 deny ip from any to $bad_guys out via ep0
>
> badguys are:
>
> bad_guys="(\
> 127.0.0.0/8 or \
> 192.168.0.1/16 or \
> 10.0.0.0/8 or \
> 172.16.0.0/12 or \
> 0.0.0.0/8 or \
> 169.254.0.0/16 or \
> 192.0.2.0/24 or \
> 224.0.0.0/4 \
> )"
>
> anyway, according to `ipfw sh` output the rules are loaded.

Please try an enclosed patch or put a whitespace right after the '('
before '\'.

Index: ipfw2.c
===================================================================
RCS file: /home/ncvs/src/sbin/ipfw/ipfw2.c,v
retrieving revision 1.42
diff -u -r1.42 ipfw2.c
--- ipfw2.c	31 Oct 2003 18:31:55 -0000	1.42
+++ ipfw2.c	13 Dec 2003 18:42:18 -0000
@@ -2901,15 +2901,14 @@
 		goto done;

 #define OR_START(target)					\
-	if (ac && (*av[0] == '(' || *av[0] == '{')) {		\
+	if (ac && (						\
+	    !strncmp(*av, "(", strlen(*av)) ||			\
+	    !strncmp(*av, "{", strlen(*av)) )) {		\
 		if (open_par)					\
 			errx(EX_USAGE, "nested \"(\" not allowed\n"); \
 		prev = NULL;					\
 		open_par = 1;					\
-		if ( (av[0])[1] == '\0') {			\
-			ac--; av++;				\
-		} else						\
-			(*av)++;				\
+		ac--; av++;					\
 	}							\
 	target:							\

%%%

-- 
Maxim Konovalov, maxim@macomnet.ru, maxim@FreeBSD.org