On Wed, Apr 18, 2012 at 11:36:49PM -0400, Lawrence Teo wrote:
> This simple diff adds a check to the add_nat() function in
> ftp-proxy(8) to ensure that nat_range_high is defined before
> proceeding to create the PF NAT rule.  I think the original author
> may have intended to do this since there is an existing check for
> nat_range_low.
> 
> Technically, all calls to add_nat() already use non-zero values for
> nat_range_low and nat_range_high, but I think it is still important
> to add the check as an additional safeguard in case those calls do
> change in the future.

I received a reply mentioning that my original diff overran 80 columns
but was otherwise ok.  Here is a revised diff that keeps the
lines within 80 columns.

Lawrence


Index: filter.c
===================================================================
RCS file: /cvs/src/usr.sbin/ftp-proxy/filter.c,v
retrieving revision 1.17
diff -u -p -r1.17 filter.c
--- filter.c    6 Mar 2012 12:50:20 -0000       1.17
+++ filter.c    20 Apr 2012 00:55:18 -0000
@@ -71,7 +71,7 @@ add_nat(u_int32_t id, struct sockaddr *s
     u_int16_t nat_range_high)
 {
        if (!src || !dst || !d_port || !nat || !nat_range_low ||
-           (src->sa_family != nat->sa_family)) {
+           !nat_range_high || (src->sa_family != nat->sa_family)) {
                errno = EINVAL;
                return (-1);
        }
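
Review bot: The added `!nat_range_high` test in the add_nat() condition only rejects a zero upper bound; a call where nat_range_low is greater than nat_range_high is still not rejected with EINVAL. If the two arguments are meant to form an ordered port range, consider also testing `nat_range_low > nat_range_high` in the same condition. The condition now covers seven cases, so a one-line comment above it stating which arguments must be non-zero would help anyone changing the callers later.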
