[possible] bug in ipnat rule parsing
This is a discussion on [possible] bug in ipnat rule parsing within the IPFilter forums, part of the System Security and Security Related category; Hi, A rule like: map xl0 192.168.0.0/16 -> 81.72.63.54 netmask 0xffff0000 shows as ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
09-26-2004
|
|||
|
|||
[possible] bug in ipnat rule parsing
Hi,
A rule like: map xl0 192.168.0.0/16 -> 81.72.63.54 netmask 0xffff0000 shows as map ex0 192.168.0.0/16 -> 255.255.0.0/16 in ipnat -l. I think the code (in natparse.c): if (ipn.in_flags & IPN_IPRANGE) { dnetm = strrchr(*cpp, '-'); if (dnetm == NULL) { cpp++; ... } else if (ipn.in_redir != NAT_REDIRECT) { dnetm = strrchr(*cpp, '/'); if (dnetm == NULL) { cpp++; if (*cpp && !strcasecmp(*cpp, "netmask")) dnetm = *++cpp; } ... is erronneous as cpp is incremented before its value is stored. in the rule above, at this point, cpp points to 81.x.x.x and is incremented twice to point to 0xffff0000 (same value as dnetm). This is also true for the syntax "range first - last" (of course, 81.xxxx/0xffff... and "range first-last" would work. so this is not a critical issue). While I am in, ipnat(5) claims that the notation "netmask" is used in both the lhs and the rhs. however, the code suggests that the lhs uses "mask" instead (this is in hostmask.c). regards, mouss 
|
Linear Mode
