
List:       openbsd-tech
Subject:    Re: ftp-proxy(8): ensure nat_range_high is defined in add_nat()
From:       "Christiano F. Haesbaert" <haesbaert () openbsd ! org>
Date:       2012-04-30 13:12:36
Message-ID: 20120430131236.GA3117 () openbsd ! org

If no one has any objections I'd like to commit this.

On Thu, Apr 19, 2012 at 09:07:43PM -0400, Lawrence Teo wrote:
> On Wed, Apr 18, 2012 at 11:36:49PM -0400, Lawrence Teo wrote:
> > This simple diff adds a check to the add_nat() function in
> > ftp-proxy(8) to ensure that nat_range_high is defined before
> > proceeding to create the PF NAT rule.  I think the original author
> > may have intended to do this since there is an existing check for
> > nat_range_low.
> > 
> > Technically, all calls to add_nat() already use non-zero values for
> > nat_range_low and nat_range_high, but I think it is still important
> > to add the check as an additional safeguard in case those calls do
> > change in the future.
> 
> I received a reply mentioning that my original diff overran 80 columns
> but was otherwise ok.  Here is a revised diff that keeps the
> lines within 80 columns.
> 
> Lawrence
> 
> 
> Index: filter.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/ftp-proxy/filter.c,v
> retrieving revision 1.17
> diff -u -p -r1.17 filter.c
> --- filter.c	6 Mar 2012 12:50:20 -0000	1.17
> +++ filter.c	20 Apr 2012 00:55:18 -0000
> @@ -71,7 +71,7 @@ add_nat(u_int32_t id, struct sockaddr *s
>      u_int16_t nat_range_high)
>  {
>  	if (!src || !dst || !d_port || !nat || !nat_range_low ||
> -	    (src->sa_family != nat->sa_family)) {
> +	    !nat_range_high || (src->sa_family != nat->sa_family)) {
>  		errno = EINVAL;
>  		return (-1);
>  	}
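
Review bot: the added !nat_range_high test in the condition only rejects a zero upper bound, so a call with nat_range_high lower than nat_range_low would still pass this check and go on to create the NAT rule. Since the stated goal is a safeguard against future callers, consider also rejecting nat_range_low > nat_range_high in the same EINVAL branch, on its own continuation line so the condition stays within 80 columns.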
