From rene@tunix.nl  Mon Apr 14 08:02:26 2003
Return-Path: <rene@tunix.nl>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 3E8B937B401; Mon, 14 Apr 2003 08:02:26 -0700 (PDT)
Received: from bastix.tunix.nl (bastix.tunix.nl [193.79.201.39])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 7B79143F93; Mon, 14 Apr 2003 08:02:24 -0700 (PDT)
	(envelope-from rene@tunix.nl)
Received: (from root@localhost) by bastix.tunix.nl (8.9.3c/8.6.12) id RAA29522; Mon, 14 Apr 2003 17:02:35 +0200 (CEST)
Received: by bastix.tunix.nl (TUNIX txp2/smap)
	id sma027966; Mon, 14 Apr 03 17:01:29 +0200
Received: from upsilix.tunix.nl (upsilix.tunix.nl [172.16.2.22])
	by fix.tunix.nl (8.10.2+Sun/8.10.2) with ESMTP id h3EF1H928703;
	Mon, 14 Apr 2003 17:01:17 +0200 (MEST)
Received: from upsilix.tunix.nl (localhost.tunix.nl [127.0.0.1])
	by upsilix.tunix.nl (8.12.6/8.12.6) with ESMTP id h3EF1Dc5072689;
	Mon, 14 Apr 2003 17:01:13 +0200 (CEST)
	(envelope-from rene@upsilix.tunix.nl)
Received: (from rene@localhost)
	by upsilix.tunix.nl (8.12.6/8.12.6/Submit) id h3EF1CsF072688;
	Mon, 14 Apr 2003 17:01:12 +0200 (CEST)
	(envelope-from rene)
Message-Id: <200304141501.h3EF1CsF072688@upsilix.tunix.nl>
Date: Mon, 14 Apr 2003 17:01:12 +0200 (CEST)
From: Rene de Vries <rene@tunix.nl>
Reply-To: Rene de Vries <rene@tunix.nl>
To: FreeBSD-gnats-submit@freebsd.org
Cc: darrenr@freebsd.org
Subject: BUG: port eq 25 does not work anymore (port = 25 does)
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         50947
>Category:       kern
>Synopsis:       BUG: port eq 25 does not work anymore (port = 25 does)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    darrenr
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Apr 14 08:10:11 PDT 2003
>Closed-Date:    Mon Jul 05 17:02:41 GMT 2004
>Last-Modified:  Mon Jul 05 17:02:41 GMT 2004
>Originator:     Rene de Vries
>Release:        FreeBSD 4.7-RELEASE-p3 i386/FreeBSD 5.0-20030401 i386
>Organization:
Tunix Internet Security & Training
>Environment:
	FreeBSD 4.7/5.0, IPFilter 3.4.29/3.4.31

>Description:
	Change the order in which keywords are checked.
	The "isalnum" function also matches "eq", "ne", etc., so these
	are always found to be symbolic port names. When the order is
	reversed, so that "eq", "ne", etc. are checked first, these
	comparisons can still be used.

>How-To-Repeat:
	block in quick from any to any port eq 25
>Fix:

Diff against FreeBSD 5 (current as of 1 Apr 2003)

Index: contrib/ipfilter/common.c
===================================================================
RCS file: /home/fbsd-cvsrepo/src/contrib/ipfilter/common.c,v
retrieving revision 1.1.1.6
diff -u -r1.1.1.6 common.c
--- contrib/ipfilter/common.c	15 Feb 2003 06:27:40 -0000	1.1.1.6
+++ contrib/ipfilter/common.c	1 Apr 2003 11:31:03 -0000
@@ -263,7 +263,19 @@
 		return 0;
 	if (!strcasecmp(**seg, "port") && *(*seg + 1) && *(*seg + 2)) {
 		(*seg)++;
-		if (isalnum(***seg) && *(*seg + 2)) {
+		if (!strcmp(**seg, "=") || !strcasecmp(**seg, "eq"))
+			comp = FR_EQUAL;
+		else if (!strcmp(**seg, "!=") || !strcasecmp(**seg, "ne"))
+			comp = FR_NEQUAL;
+		else if (!strcmp(**seg, "<") || !strcasecmp(**seg, "lt"))
+			comp = FR_LESST;
+		else if (!strcmp(**seg, ">") || !strcasecmp(**seg, "gt"))
+			comp = FR_GREATERT;
+		else if (!strcmp(**seg, "<=") || !strcasecmp(**seg, "le"))
+			comp = FR_LESSTE;
+		else if (!strcmp(**seg, ">=") || !strcasecmp(**seg, "ge"))
+			comp = FR_GREATERTE;
+		else if (isalnum(***seg) && *(*seg + 2)) {
 			if (portnum(**seg, pp, linenum) == 0)
 				return -1;
 			(*seg)++;
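Review bot: the comparator chain placed ahead of `else if (isalnum(***seg) && *(*seg + 2))` is correct only because of its position, and nothing in the code records that. Add a short comment above the first `if (!strcmp(**seg, "=") || ...` saying that the comparator keywords must be tested before the `isalnum()` fallback, because `isalnum()` also accepts the first character of "eq", "ne", "lt", "gt", "le" and "ge"; without it a later tidy-up can move the chain back and silently reintroduce the regression. Since the `isalnum(***seg)` line is being rewritten anyway, cast its argument to `(unsigned char)`: `**seg` is passed to `strcasecmp()` as a string, so `***seg` is a plain `char`, and a byte with the high bit set in a rule file would otherwise reach `isalnum()` as a negative value.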
@@ -285,19 +297,7 @@
 			}
 			if (portnum(**seg, tp, linenum) == 0)
 				return -1;
-		} else if (!strcmp(**seg, "=") || !strcasecmp(**seg, "eq"))
-			comp = FR_EQUAL;
-		else if (!strcmp(**seg, "!=") || !strcasecmp(**seg, "ne"))
-			comp = FR_NEQUAL;
-		else if (!strcmp(**seg, "<") || !strcasecmp(**seg, "lt"))
-			comp = FR_LESST;
-		else if (!strcmp(**seg, ">") || !strcasecmp(**seg, "gt"))
-			comp = FR_GREATERT;
-		else if (!strcmp(**seg, "<=") || !strcasecmp(**seg, "le"))
-			comp = FR_LESSTE;
-		else if (!strcmp(**seg, ">=") || !strcasecmp(**seg, "ge"))
-			comp = FR_GREATERTE;
-		else {
+		} else {
 			fprintf(stderr, "%d: unknown comparator (%s)\n",
 					linenum, **seg);
 			return -1;
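Review bot: the closing `} else {` still prints "unknown comparator (%s)" for every token that reaches it, and that includes an alphanumeric token that failed `isalnum(***seg) && *(*seg + 2)` only because no further token follows it. In that case the token is a port, not a comparator, so the diagnostic points the rule author at the wrong thing. This predates the patch, but the branch is being restructured here, so consider separating the two cases: test `isalnum()` alone, then report the missing token inside that branch, and keep "unknown comparator" for tokens that are neither a keyword nor alphanumeric.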

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->darrenr 
Responsible-Changed-By: ceri 
Responsible-Changed-When: Mon Apr 14 11:26:02 PDT 2003 
Responsible-Changed-Why:  
Over to Darren. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=50947 

Adding to audit trail, from misfiled PR 50952.

Message-Id: <200304141722.DAA28903@avalon.reed.wattle.id.au>
Date: Tue, 15 Apr 2003 03:22:48 +1000
From: Darren Reed <darrenr@reed.wattle.id.au>
In-Reply-To: <200304141501.h3EF1CsF072688@upsilix.tunix.nl>
Subject: Re: BUG: port eq 25 does not work anymore (port = 25 does)

 Thanks for the patch.
 
State-Changed-From-To: open->feedback 
State-Changed-By: darrenr 
State-Changed-When: Tue Apr 20 05:53:32 PDT 2004 
State-Changed-Why:  
change present in ipfilter, already 

State-Changed-From-To: feedback->closed 
State-Changed-By: darrenr 
State-Changed-When: Mon Jul 5 17:01:21 GMT 2004 
State-Changed-Why:  
patch fixed in -current & RELENG_4 

>Unformatted:
