[PATCH] sbin/ipfw fixes

Sepherosa Ziehau sepherosa at gmail.com
Sun Apr 24 03:48:50 PDT 2005


1) more strigent 'ipaddr/width' command line argument checking
2) '\0' -> NULL, when compared with char pointer

-- 
Live Free or Die
Index: ipfw.c
===================================================================
RCS file: /opt/df_cvs/src/sbin/ipfw/ipfw.c,v
retrieving revision 1.7
diff -u -r1.7 ipfw.c
--- ipfw.c	18 Dec 2004 21:43:38 -0000	1.7
+++ ipfw.c	24 Apr 2005 10:50:17 -0000
@@ -940,6 +940,19 @@
 	return(0);
 }
 
+static int
+fill_netmask(struct in_addr *mask, const char *wid_str)
+{
+	char *ep;
+	u_long wid;
+
+	wid = strtoul(wid_str, &ep, 10);
+	if (*ep != '\0' || wid > 32)
+		return -1;
+	mask->s_addr = (wid == 0 ? 0 : htonl(~0 << (32 - wid)));
+	return 0;
+}
+
 static void
 fill_ip(struct in_addr *ipno, struct in_addr *mask, int *acp, char ***avp)
 {
@@ -966,14 +979,8 @@
 					errx(EX_DATAERR, "bad netmask ``%s''", p);
 				break;
 			case '/':
-				if (atoi(p) == 0) {
-					mask->s_addr = 0;
-				} else if (atoi(p) > 32) {
+				if (fill_netmask(mask, p) < 0)
 					errx(EX_DATAERR, "bad width ``%s''", p);
-				} else {
-					mask->s_addr =
-					    htonl(~0 << (32 - atoi(p)));
-				}
 				break;
 			default:
 				mask->s_addr = htonl(~0);
@@ -994,7 +1001,7 @@
 	u_long val;
 	char *s;
 
-	if (str == '\0')
+	if (str == NULL)
 		errx(EX_DATAERR, "missing unreachable code");
 	val = strtoul(str, &s, 0);
 	if (s != str && *s == '\0' && val < 0x100) {




More information about the Submit mailing list