diff options
author | Guy Harris <gharris@sonic.net> | 2023-05-06 17:03:30 -0700 |
---|---|---|
committer | Guy Harris <gharris@sonic.net> | 2023-05-06 17:03:30 -0700 |
commit | 9b5717f99da297da2bd4f7a5851414cd30db37eb (patch) | |
tree | 09375bd4144d53656d749c4b3f548837d75dc281 | |
parent | c6fb4eb56c839a3f04b51181992ba14b05d57bd2 (diff) | |
download | libpcap-9b5717f99da297da2bd4f7a5851414cd30db37eb.tar.gz |
compiler: do earlier error checking for bogus arguments.
Report specific errors for various IP address and IP address+netmask
combinations when used as arguments to port, portrange, proto, and
protochain.
-rw-r--r-- | grammar.y.in | 92 |
1 files changed, 77 insertions, 15 deletions
diff --git a/grammar.y.in b/grammar.y.in index b8dabf7e..746f6ec2 100644 --- a/grammar.y.in +++ b/grammar.y.in @@ -446,25 +446,59 @@ id: nid | paren pid ')' { $$ = $2; } ; nid: ID { CHECK_PTR_VAL($1); CHECK_PTR_VAL(($$.b = gen_scode(cstate, $1, $$.q = $<blk>0.q))); } - | HID '/' NUM { CHECK_PTR_VAL($1); CHECK_PTR_VAL(($$.b = gen_mcode(cstate, $1, NULL, $3, - $$.q = $<blk>0.q))); } - | HID NETMASK HID { CHECK_PTR_VAL($1); CHECK_PTR_VAL(($$.b = gen_mcode(cstate, $1, $3, 0, - $$.q = $<blk>0.q))); } + | HID '/' NUM { + CHECK_PTR_VAL($1); + /* Check whether HID/NUM is being used when appropriate */ + $$.q = $<blk>0.q; + if ($$.q.addr == Q_PORT) { + bpf_set_error(cstate, "'port' modifier applied to <ipaddr>/<prefixlen>"); + YYABORT; + } else if ($$.q.addr == Q_PORTRANGE) { + bpf_set_error(cstate, "'portrange' modifier applied to <ipaddr>/<prefixlen>"); + YYABORT; + } else if ($$.q.addr == Q_PROTO) { + bpf_set_error(cstate, "'proto' modifier applied to <ipaddr>/<prefixlen>"); + YYABORT; + } else if ($$.q.addr == Q_PROTOCHAIN) { + bpf_set_error(cstate, "'protochain' modifier applied to <ipaddr>/<prefixlen>"); + YYABORT; + } + CHECK_PTR_VAL(($$.b = gen_mcode(cstate, $1, NULL, $3, $$.q))); + } + | HID NETMASK HID { + CHECK_PTR_VAL($1); + /* Check whether HID maesk HID is being used when appropriate */ + $$.q = $<blk>0.q; + if ($$.q.addr == Q_PORT) { + bpf_set_error(cstate, "'port' modifier applied to <ipnet> mask <netmask>"); + YYABORT; + } else if ($$.q.addr == Q_PORTRANGE) { + bpf_set_error(cstate, "'portrange' modifier applied to <ipnet> mask <netmask>"); + YYABORT; + } else if ($$.q.addr == Q_PROTO) { + bpf_set_error(cstate, "'proto' modifier applied to <ipnet> mask <netmask>"); + YYABORT; + } else if ($$.q.addr == Q_PROTOCHAIN) { + bpf_set_error(cstate, "'protochain' modifier applied to <ipnet> mask <netmask>"); + YYABORT; + } + CHECK_PTR_VAL(($$.b = gen_mcode(cstate, $1, $3, 0, $$.q))); + } | HID { CHECK_PTR_VAL($1); - /* Decide how to parse HID based on proto */ + /* Check whether HID is being used when appropriate */ $$.q = $<blk>0.q; if ($$.q.addr == Q_PORT) { - bpf_set_error(cstate, "'port' modifier applied to ip host"); + bpf_set_error(cstate, "'port' modifier applied to <ipaddr>"); YYABORT; } else if ($$.q.addr == Q_PORTRANGE) { - bpf_set_error(cstate, "'portrange' modifier applied to ip host"); + bpf_set_error(cstate, "'portrange' modifier applied to <ipaddr>"); YYABORT; } else if ($$.q.addr == Q_PROTO) { - bpf_set_error(cstate, "'proto' modifier applied to ip host"); + bpf_set_error(cstate, "'proto' modifier applied to <ipaddr>"); YYABORT; } else if ($$.q.addr == Q_PROTOCHAIN) { - bpf_set_error(cstate, "'protochain' modifier applied to ip host"); + bpf_set_error(cstate, "'protochain' modifier applied to <ipaddr>"); YYABORT; } CHECK_PTR_VAL(($$.b = gen_ncode(cstate, $1, 0, $$.q))); @@ -472,10 +506,24 @@ nid: ID { CHECK_PTR_VAL($1); CHECK_PTR_VAL(($$.b = gen_scode(cstate, $1, $$. | HID6 '/' NUM { CHECK_PTR_VAL($1); #ifdef INET6 - CHECK_PTR_VAL(($$.b = gen_mcode6(cstate, $1, $3, - $$.q = $<blk>0.q))); + /* Check whether HID6/NUM is being used when appropriate */ + $$.q = $<blk>0.q; + if ($$.q.addr == Q_PORT) { + bpf_set_error(cstate, "'port' modifier applied to <ip6addr>/<prefixlen>"); + YYABORT; + } else if ($$.q.addr == Q_PORTRANGE) { + bpf_set_error(cstate, "'portrange' modifier applied to <ip6addr>/<prefixlen>"); + YYABORT; + } else if ($$.q.addr == Q_PROTO) { + bpf_set_error(cstate, "'proto' modifier applied to 'ip6addr/prefixlen"); + YYABORT; + } else if ($$.q.addr == Q_PROTOCHAIN) { + bpf_set_error(cstate, "'protochain' modifier applied to <ip6addr>/<prefixlen>"); + YYABORT; + } + CHECK_PTR_VAL(($$.b = gen_mcode6(cstate, $1, $3, $$.q))); #else - bpf_set_error(cstate, "'ip6addr/prefixlen' not supported " + bpf_set_error(cstate, "<ip6addr>/<prefixlen> not supported " "in this configuration"); YYABORT; #endif /*INET6*/ @@ -483,10 +531,24 @@ nid: ID { CHECK_PTR_VAL($1); CHECK_PTR_VAL(($$.b = gen_scode(cstate, $1, $$. | HID6 { CHECK_PTR_VAL($1); #ifdef INET6 - CHECK_PTR_VAL(($$.b = gen_mcode6(cstate, $1, 128, - $$.q = $<blk>0.q))); + /* Check whether HID6 is being used when appropriate */ + $$.q = $<blk>0.q; + if ($$.q.addr == Q_PORT) { + bpf_set_error(cstate, "'port' modifier applied to <ip6addr>"); + YYABORT; + } else if ($$.q.addr == Q_PORTRANGE) { + bpf_set_error(cstate, "'portrange' modifier applied to <ip6addr>"); + YYABORT; + } else if ($$.q.addr == Q_PROTO) { + bpf_set_error(cstate, "'proto' modifier applied to 'ip6addr/prefixlen"); + YYABORT; + } else if ($$.q.addr == Q_PROTOCHAIN) { + bpf_set_error(cstate, "'protochain' modifier applied to <ip6addr>"); + YYABORT; + } + CHECK_PTR_VAL(($$.b = gen_mcode6(cstate, $1, 128, $$.q))); #else - bpf_set_error(cstate, "'ip6addr' not supported " + bpf_set_error(cstate, "<ip6addr> not supported " "in this configuration"); YYABORT; #endif /*INET6*/ |