[prev in list] [next in list] [prev in thread] [next in thread]
List: openbsd-tech
Subject: Re: ftp-proxy(8): ensure nat_range_high is defined in add_nat()
From: "Christiano F. Haesbaert" <haesbaert () openbsd ! org>
Date: 2012-04-30 13:12:36
Message-ID: 20120430131236.GA3117 () openbsd ! org
[Download RAW message or body]
If no one has any objections I'd like to commit this.
On Thu, Apr 19, 2012 at 09:07:43PM -0400, Lawrence Teo wrote:
> On Wed, Apr 18, 2012 at 11:36:49PM -0400, Lawrence Teo wrote:
> > This simple diff adds a check to the add_nat() function in
> > ftp-proxy(8) to ensure that nat_range_high is defined before
> > proceeding to create the PF NAT rule. I think the original author
> > may have intended to do this since there is an existing check for
> > nat_range_low.
> >
> > Technically, all calls to add_nat() already use non-zero values for
> > nat_range_low and nat_range_high, but I think it is still important
> > to add the check as an additional safeguard in case those calls do
> > change in the future.
>
> I received a reply mentioning that my original diff overran 80 columns
> columns but was otherwise ok. Here is a revised diff that keeps the
> lines within 80 columns.
>
> Lawrence
>
>
> Index: filter.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/ftp-proxy/filter.c,v
> retrieving revision 1.17
> diff -u -p -r1.17 filter.c
> --- filter.c 6 Mar 2012 12:50:20 -0000 1.17
> +++ filter.c 20 Apr 2012 00:55:18 -0000
> @@ -71,7 +71,7 @@ add_nat(u_int32_t id, struct sockaddr *s
> u_int16_t nat_range_high)
> {
> if (!src || !dst || !d_port || !nat || !nat_range_low ||
> - (src->sa_family != nat->sa_family)) {
> + !nat_range_high || (src->sa_family != nat->sa_family)) {
> errno = EINVAL;
> return (-1);
> }
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic