[src/trunk]: src/usr.sbin/npf/npfctl Don't silently take the first element of...

[christos <christos%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/24898b9c52ac
branches:  trunk
changeset: 350397:24898b9c52ac
user:      christos <christos%NetBSD.org@localhost>
date:      Wed Jan 11 02:11:21 2017 +0000

description:
Don't silently take the first element of multiple element variables.

diffstat:

 usr.sbin/npf/npfctl/npf_parse.y |  11 ++++++++++-
 usr.sbin/npf/npfctl/npf_var.c   |   8 ++++++--
 2 files changed, 16 insertions(+), 3 deletions(-)

diffs (75 lines):

diff -r 44e5ec184427 -r 24898b9c52ac usr.sbin/npf/npfctl/npf_parse.y
--- a/usr.sbin/npf/npfctl/npf_parse.y   Wed Jan 11 02:10:44 2017 +0000
+++ b/usr.sbin/npf/npfctl/npf_parse.y   Wed Jan 11 02:11:21 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf_parse.y,v 1.40 2017/01/03 01:29:49 rmind Exp $     */
+/*     $NetBSD: npf_parse.y,v 1.41 2017/01/11 02:11:21 christos Exp $  */
 
 /*-
  * Copyright (c) 2011-2017 The NetBSD Foundation, Inc.
@@ -665,6 +665,8 @@
        }
        | static_ifaddrs
        {
+               if (npfvar_get_count($1) != 1)
+                       yyerror("multiple interfaces are not supported");
                ifnet_addr_t *ifna = npfvar_get_data($1, NPFVAR_INTERFACE, 0);
                $$ = ifna->ifna_addrs;
        }
@@ -765,6 +767,8 @@
        }
        | FLAGS tcp_flags
        {
+               if (npfvar_get_count($2) != 1)
+                       yyerror("multiple tcpflags are not supported");
                char *s = npfvar_get_data($2, NPFVAR_TCPFLAG, 0);
                npfvar_add_elements($2, npfctl_parse_tcpflag(s));
                $$ = $2;
@@ -804,6 +808,9 @@
                        $$ = npfvar_expand_string(vp);
                        break;
                case NPFVAR_INTERFACE:
+                       if (npfvar_get_count(vp) != 1)
+                               yyerror(
+                                   "multiple interfaces are not supported");
                        ifna = npfvar_get_data(vp, type, 0);
                        $$ = ifna->ifna_name;
                        break;
@@ -838,6 +845,8 @@
        | dynamic_ifaddrs
        | static_ifaddrs
        {
+               if (npfvar_get_count($1) != 1)
+                       yyerror("multiple interfaces are not supported");
                ifnet_addr_t *ifna = npfvar_get_data($1, NPFVAR_INTERFACE, 0);
                npfctl_note_interface(ifna->ifna_name);
                $$ = ifna->ifna_name;
diff -r 44e5ec184427 -r 24898b9c52ac usr.sbin/npf/npfctl/npf_var.c
--- a/usr.sbin/npf/npfctl/npf_var.c     Wed Jan 11 02:10:44 2017 +0000
+++ b/usr.sbin/npf/npfctl/npf_var.c     Wed Jan 11 02:11:21 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf_var.c,v 1.9 2015/07/12 23:54:44 rmind Exp $        */
+/*     $NetBSD: npf_var.c,v 1.10 2017/01/11 02:11:21 christos Exp $    */
 
 /*-
  * Copyright (c) 2011-2012 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: npf_var.c,v 1.9 2015/07/12 23:54:44 rmind Exp $");
+__RCSID("$NetBSD: npf_var.c,v 1.10 2017/01/11 02:11:21 christos Exp $");
 
 #include <stdlib.h>
 #include <string.h>
@@ -188,6 +188,10 @@
 char *
 npfvar_expand_string(const npfvar_t *vp)
 {
+       if (npfvar_get_count(vp) != 1)
+               yyerror("variable '%s' type '%s' has %zu elements", vp->v_key,
+                   npfvar_type(vp->v_type), npfvar_get_count(vp));
+                       
        return npfvar_get_data(vp, NPFVAR_STRING, 0);
 }