This simple diff adds a check to the add_nat() function in
ftp-proxy(8) to ensure that nat_range_high is defined before
proceeding to create the PF NAT rule.  I think the original author
may have intended to do this since there is an existing check for
nat_range_low.

Technically, all calls to add_nat() already use non-zero values for
nat_range_low and nat_range_high, but I think it is still important
to add the check as an additional safeguard in case those calls do
change in the future.

Comments?

Thanks,
Lawrence


Index: filter.c
===================================================================
RCS file: /cvs/src/usr.sbin/ftp-proxy/filter.c,v
retrieving revision 1.17
diff -u -p -r1.17 filter.c
--- filter.c    6 Mar 2012 12:50:20 -0000       1.17
+++ filter.c    16 Apr 2012 03:17:47 -0000
@@ -70,7 +70,7 @@ add_nat(u_int32_t id, struct sockaddr *s
     u_int16_t d_port, struct sockaddr *nat, u_int16_t nat_range_low,
     u_int16_t nat_range_high)
 {
-       if (!src || !dst || !d_port || !nat || !nat_range_low ||
+       if (!src || !dst || !d_port || !nat || !nat_range_low || 
!nat_range_high ||
            (src->sa_family != nat->sa_family)) {
                errno = EINVAL;
                return (-1);
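Review bot: The added `+` line in the add_nat() condition ends with trailing whitespace after `||` and has been wrapped in transit, so `!nat_range_high ||` sits on a line of its own with no diff prefix and the hunk will not apply as posted. Joined back together, the line also runs past 80 columns, so break the condition deliberately, for example by ending the first line after `!nat ||` and putting `!nat_range_low || !nat_range_high ||` on a continuation line. Since this guard is meant as a safeguard for future callers, consider also rejecting nat_range_low > nat_range_high here, because the non-zero test alone does not catch an inverted range.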
