From danfe@regency.nsu.ru  Tue Nov  5 05:09:34 2002
Return-Path: <danfe@regency.nsu.ru>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id BB9A337B401
	for <FreeBSD-gnats-submit@freebsd.org>; Tue,  5 Nov 2002 05:09:34 -0800 (PST)
Received: from mail.nsu.ru (mx.nsu.ru [193.124.215.71])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 584A643E4A
	for <FreeBSD-gnats-submit@freebsd.org>; Tue,  5 Nov 2002 05:09:33 -0800 (PST)
	(envelope-from danfe@regency.nsu.ru)
Received: from drweb by mail.nsu.ru with drweb-scanned (Exim 3.20 #1)
	id 1893SH-0003RT-00
	for FreeBSD-gnats-submit@freebsd.org; Tue, 05 Nov 2002 19:09:17 +0600
Received: from regency.nsu.ru ([193.124.210.26])
	by mail.nsu.ru with esmtp (Exim 3.20 #1)
	id 1893Rx-0003M3-00
	for FreeBSD-gnats-submit@freebsd.org; Tue, 05 Nov 2002 19:08:57 +0600
Received: from regency.nsu.ru (localhost [127.0.0.1])
	by regency.nsu.ru (8.12.6/8.12.6) with ESMTP id gA5D9G1I004156
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 5 Nov 2002 19:09:16 +0600 (NOVT)
	(envelope-from danfe@regency.nsu.ru)
Received: (from danfe@localhost)
	by regency.nsu.ru (8.12.6/8.12.6/Submit) id gA5D9Gq9004104;
	Tue, 5 Nov 2002 19:09:16 +0600 (NOVT)
Message-Id: <200211051309.gA5D9Gq9004104@regency.nsu.ru>
Date: Tue, 5 Nov 2002 19:09:16 +0600 (NOVT)
From: Alexey Dokuchaev <danfe@regency.nsu.ru>
Reply-To: Alexey Dokuchaev <danfe@regency.nsu.ru>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: Uid/gid handling code in IPFW2 userland (/sbin/ipfw) is broken
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         44929
>Category:       bin
>Synopsis:       Uid/gid handling code in IPFW2 userland (/sbin/ipfw) is broken
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Nov 05 05:10:01 PST 2002
>Closed-Date:    Tue Nov 05 05:33:42 PST 2002
>Last-Modified:  Tue Nov 05 05:33:42 PST 2002
>Originator:     Alexey Dokuchaev
>Release:        FreeBSD 4.7-STABLE i386
>Organization:
CNIT
>Environment:
System: FreeBSD regency.nsu.ru 4.7-STABLE FreeBSD 4.7-STABLE #4: Tue Oct 29 20:17:48 NOVT 2002 root@regency.nsu.ru:/usr/src/sys/compile/REGENCY i386
>Description:
IPFW2 rule parser (both in -STABLE and -CURRENT) does not correctly handle uid/gid specifiers:

	ipfw add deny all from x.y.z.t to any uid jack
	ipfw add deny all from x.y.z.t to any uid mary

will yield:

?ab00          0          0 deny ip from x.y.z.t to any uid root
?ac00          0          0 deny ip from x.y.z.t to any uid root
>How-To-Repeat:
See above.
>Fix:
This fix also brings IPFW2 code in question in sync with old IPFW (which does behave correctly),
not to mention it corrects the described bug.  Though this diff is against -STABLE, I think it is
pretty clear how to apply it to -CURRENT.

--- ipfw2.c.orig	Tue Oct 29 10:19:15 2002
+++ ipfw2.c	Tue Oct 29 10:33:55 2002
@@ -2937,7 +2937,7 @@
 			pwd = (*end == '\0') ? getpwuid(uid) : getpwnam(*av);
 			if (pwd == NULL)
 				errx(EX_DATAERR, "uid \"%s\" nonexistent", *av);
-			cmd32->d[0] = uid;
+			cmd32->d[0] = pwd->pw_uid;
 			cmd->len = F_INSN_SIZE(ipfw_insn_u32);
 			ac--; av++;
 		    }
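
Review bot: The "if (pwd == NULL)" check kept above the changed assignment still rejects a numeric uid that has no passwd entry, because getpwuid(uid) returns NULL for it and errx() fires before "cmd32->d[0] = pwd->pw_uid;" is reached. If rules for unassigned numeric uids should be accepted, fall back to the parsed uid when *end == '\0' and the lookup fails; if rejecting them is intended, say so in the commit message so the behaviour is documented alongside the fix.
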
@@ -2956,7 +2956,7 @@
 			if (grp == NULL)
 				errx(EX_DATAERR, "gid \"%s\" nonexistent", *av);
 			
-			cmd32->d[0] = gid;
+			cmd32->d[0] = grp->gr_gid;
 			cmd->len = F_INSN_SIZE(ipfw_insn_u32);
 			ac--; av++;
 		    }
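
Review bot: The assignment "cmd32->d[0] = grp->gr_gid;" has no comment saying why the looked-up value is stored instead of the local gid, and the uid hunk has the same gap. The report shows rules added by name being listed as root, so a one-line comment that the local variable is not valid when the argument is a name would help keep the old assignment from coming back. The tab-only line left just above the assignment could be dropped in the same change.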

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: maxim 
State-Changed-When: Tue Nov 5 05:31:06 PST 2002 
State-Changed-Why:  
Duplicate of bin/42579 with the same patch. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=44929 
>Unformatted:
