From owner-svn-src-projects@FreeBSD.ORG Wed Aug 13 06:16:38 2014 Return-Path: Delivered-To: svn-src-projects@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 678DFB48; Wed, 13 Aug 2014 06:16:38 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 5467D22DB; Wed, 13 Aug 2014 06:16:38 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id s7D6Gc2V023528; Wed, 13 Aug 2014 06:16:38 GMT (envelope-from melifaro@FreeBSD.org) Received: (from melifaro@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id s7D6GcUh023527; Wed, 13 Aug 2014 06:16:38 GMT (envelope-from melifaro@FreeBSD.org) Message-Id: <201408130616.s7D6GcUh023527@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: melifaro set sender to melifaro@FreeBSD.org using -f 
From: "Alexander V. Chernikov" Date: Wed, 13 Aug 2014 06:16:38 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r269910 - projects/ipfw/sbin/ipfw X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Aug 2014 06:16:38 -0000 Author: melifaro Date: Wed Aug 13 06:16:37 2014 New Revision: 269910 URL: http://svnweb.freebsd.org/changeset/base/269910 Log: * Do not crash on incorrect "flow" type inputs. * Do not auto-create tables for operations other than add. Modified: projects/ipfw/sbin/ipfw/tables.c Modified: projects/ipfw/sbin/ipfw/tables.c ==============================================================================
--- projects/ipfw/sbin/ipfw/tables.c Wed Aug 13 05:53:41 2014 (r269909)
+++ projects/ipfw/sbin/ipfw/tables.c Wed Aug 13 06:16:37 2014 (r269910)
@@ -67,7 +67,7 @@ static void table_show_list(ipfw_obj_hea
 static void table_show_entry(ipfw_xtable_info *i, ipfw_obj_tentry *tent);
 static void tentry_fill_key(ipfw_obj_header *oh, ipfw_obj_tentry *tent,
- char *key, uint8_t *ptype, uint8_t *pvtype, ipfw_xtable_info *xi);
+ char *key, int add, uint8_t *ptype, uint8_t *pvtype, ipfw_xtable_info *xi);
 static void tentry_fill_value(ipfw_obj_header *oh, ipfw_obj_tentry *tent,
 char *arg, uint8_t type, uint8_t vtype);
@@ -932,7 +932,7 @@ table_modify_record(ipfw_obj_header *oh,
 memset(&xi, 0, sizeof(xi));
 count = 0;
 while (ac > 0) {
- tentry_fill_key(oh, ptent, *av, &type, &vtype, &xi);
+ tentry_fill_key(oh, ptent, *av, add, &type, &vtype, &xi);
 /*
 * compability layer: auto-create table if not exists
@@ -1073,7 +1073,7 @@ table_do_lookup(ipfw_obj_header *oh, cha
 tent->head.length = sizeof(*tent);
 tent->idx = 1;
- tentry_fill_key(oh, tent, key, &type, &vtype, xi);
+ tentry_fill_key(oh, tent, key, 0, &type, &vtype, xi);
 oh->ntlv.type = type;
 sz = sizeof(xbuf);
@@ -1196,7 +1196,7 @@ tentry_fill_key_type(char *arg, ipfw_obj
 tfe = &tentry->k.flow;
 af = 0;
- /* Handle */
+ /* Handle */
 if ((tflags & IPFW_TFFLAG_SRCIP) != 0) {
 if ((p = strchr(arg, ',')) != NULL)
 *p++ = '\0';
@@ -1220,6 +1220,8 @@ tentry_fill_key_type(char *arg, ipfw_obj
 /* Handle */
 if ((tflags & IPFW_TFFLAG_PROTO) != 0) {
+ if (arg == NULL)
+ errx(EX_DATAERR, "invalid key: proto missing");
 if ((p = strchr(arg, ',')) != NULL)
 *p++ = '\0';
@@ -1242,6 +1244,8 @@ tentry_fill_key_type(char *arg, ipfw_obj
 /* Handle */
 if ((tflags & IPFW_TFFLAG_SRCPORT) != 0) {
+ if (arg == NULL)
+ errx(EX_DATAERR, "invalid key: src port missing");
 if ((p = strchr(arg, ',')) != NULL)
 *p++ = '\0';
@@ -1260,6 +1264,8 @@ tentry_fill_key_type(char *arg, ipfw_obj
 /* Handle */
 if ((tflags & IPFW_TFFLAG_DSTIP) != 0) {
+ if (arg == NULL)
+ errx(EX_DATAERR, "invalid key: dst ip missing");
 if ((p = strchr(arg, ',')) != NULL)
 *p++ = '\0';
 /* Determine family using temporary storage */
@@ -1282,6 +1288,8 @@ tentry_fill_key_type(char *arg, ipfw_obj
 /* Handle */
 if ((tflags & IPFW_TFFLAG_DSTPORT) != 0) {
+ if (arg == NULL)
+ errx(EX_DATAERR, "invalid key: dst port missing");
 if ((p = strchr(arg, ',')) != NULL)
 *p++ = '\0';
@@ -1312,7 +1320,7 @@ tentry_fill_key_type(char *arg, ipfw_obj
 static void
 tentry_fill_key(ipfw_obj_header *oh, ipfw_obj_tentry *tent, char *key,
- uint8_t *ptype, uint8_t *pvtype, ipfw_xtable_info *xi)
+ int add, uint8_t *ptype, uint8_t *pvtype, ipfw_xtable_info *xi)
 {
 uint8_t type, tflags, vtype;
 int error;
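Review bot: The `arg == NULL` guards added in the proto, src port, dst ip and dst port blocks (hunks -1220, -1242, -1260 and -1282) stop a key that ends early, but a field that is present and empty, as in two adjacent commas, still reaches the parsing code as a non-NULL empty string. That parsing is outside these hunks, so it is worth confirming that each block rejects an empty token; if it does not, the guard could read `if (arg == NULL || *arg == '\0')`. The src ip block in the -1196 hunk still calls `strchr(arg, ',')` with no guard and so depends on the caller never passing a NULL key. The enclosing function starts and ends outside all of these hunks.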
@@ -1336,6 +1344,9 @@ tentry_fill_key(ipfw_obj_header *oh, ipf
 if (error != ESRCH)
 errx(EX_OSERR, "Error requesting table %s info",
 oh->ntlv.name);
+ if (add == 0)
+ errx(EX_DATAERR, "Table %s does not exist",
+ oh->ntlv.name);
 /*
 * Table does not exist.
 * Compability layer: try to interpret data as CIDR
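Review bot: The new `add` parameter is an `int` used as a boolean with no comment, and the lookup caller in the -1073 hunk passes a bare `0`, so the contract behind this `add == 0` exit is only discoverable by reading the body. A line above `tentry_fill_key()` such as `/* add: non-zero when called for "table add"; otherwise a missing table is a fatal error */` would document it. The block comment that follows the new check ("Table does not exist ...") now describes only the add path and could say so. The function continues past the end of this hunk.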