git: 637d81c52d21 - main - pfctl: fix incorrect optimization
Date: Mon, 16 Sep 2024 13:05:25 UTC
The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=637d81c52d2153fabbc72e2644199176e1042ab5 commit 637d81c52d2153fabbc72e2644199176e1042ab5 Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2024-08-29 10:02:51 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2024-09-16 11:48:49 +0000 pfctl: fix incorrect optimization In the non-optimized case, an address list containing "any" (ie. { any 10.0.0.1 }) should be folded in the parser to any, not to 10.0.0.1. How long this bug has been with us is unclear. ok guenther mcbride Obtained from: OpenBSD, deraadt <deraadt@openbsd.org>, e3b4bc25a0 Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D46580
---
 sbin/pfctl/parse.y | 14 +++++++++++---
 sbin/pfctl/pfctl_parser.h | 2 ++
 2 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index 0c551d2ef49f..55b5310b61e3 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -3572,11 +3572,13 @@ toipspec : TO ipspec { $$ = $2; }
 host_list : ipspec optnl { $$ = $1; }
 | host_list comma ipspec optnl {
- if ($3 == NULL)
+ if ($1 == NULL) {
+ freehostlist($3);
 $$ = $1;
- else if ($1 == NULL)
+ } else if ($3 == NULL) {
+ freehostlist($1);
 $$ = $3;
- else {
+ } else {
 $1->tail->next = $3;
 $1->tail = $3->tail;
 $$ = $1;
@@ -6270,6 +6272,12 @@ expand_skip_interface(struct node_if *interfaces)
 return (0);
 }
+void
+freehostlist(struct node_host *h)
+{
+ FREE_LIST(struct node_host, h);
+}
+
 #undef FREE_LIST
 #undef LOOP_THROUGH
diff --git a/sbin/pfctl/pfctl_parser.h b/sbin/pfctl/pfctl_parser.h
index 6de998b34e52..550005508f40 100644
--- a/sbin/pfctl/pfctl_parser.h
+++ b/sbin/pfctl/pfctl_parser.h
@@ -137,6 +137,8 @@ struct node_host {
 struct node_host *tail;
 };
+void freehostlist(struct node_host *);
+
 struct node_mac {
 u_int8_t mac[ETHER_ADDR_LEN];
 u_int8_t mask[ETHER_ADDR_LEN];
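Review bot: In the host_list action, both new early branches assign a pointer that was just tested as NULL (`$$ = $1;` under `if ($1 == NULL)`, `$$ = $3;` under `else if ($3 == NULL)`), so the fold to "any" is only visible to a reader who already knows that a NULL host list apparently stands for any. Writing `$$ = NULL;` in both branches, with a comment such as `/* NULL means "any"; any absorbs every other entry in the list */`, would make the code say what the commit message says. Because a list like `{ any 10.0.0.1 }` now widens from the single address to any, existing rulesets containing such a list will match differently after the upgrade. The diffstat shows no regression test for the fold, so that behaviour change is worth pinning with one. The action's closing braces lie outside the hunk.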
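Review bot: freehostlist() is added as a non-static function without a comment, and the first branch of the host_list action can call it with NULL when both sides of the comma are NULL (`freehostlist($3)` under `if ($1 == NULL)`). Whether that is safe depends on FREE_LIST, whose definition is outside this hunk, so the NULL case should be confirmed there and stated at the function. A short header comment would cover the contract: `/* Free every node of a host list; h may be NULL. The caller must not use h afterwards. */`. It is also worth confirming that freeing only the nodes is enough, in case struct node_host owns separately allocated members; its full definition is not visible here.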