Download raw body.
authpf: fix dead whitespace-trim loop in read_config
read_config() tries to strip trailing whitespace from an authpf.conf
value, but the loop begins at the NUL terminator, so it never runs and
the whitespace is kept. A line like "anchor=authpf " then loads the
session's rules under the anchor "authpf ", which the "authpf/*" anchor
in pf.conf never evaluates. A line like "table=authpf_users " asks the
kernel to add the address to a table that does not exist: DIOCRADDADDRS
returns ESRCH, and change_table() ignores it. Either way authpf tells
the user they are authenticated and then passes none of the traffic it
was supposed to allow, and no error is logged.
Start at the last character, and test the bound before dereferencing.
Tested on -current. With the trailing space, an authenticated session
leaves <authpf_users> empty and its traffic blocked, and "pfctl -sA"
shows where the rules actually went:
authpf
authpf
authpf /testuser(44922)
With the diff the same authpf.conf behaves like one without the space;
reverting it brings the failure back.
diff --git a/usr.sbin/authpf/authpf.c b/usr.sbin/authpf/authpf.c
index bc410c0631c..3984e4d78d2 100644
--- a/usr.sbin/authpf/authpf.c
+++ b/usr.sbin/authpf/authpf.c
@@ -396,8 +396,8 @@ read_config(FILE *f)
if (ap != &pair[2])
goto parse_error;
- tp = pair[1] + strlen(pair[1]);
- while ((*tp == ' ' || *tp == '\t') && tp >= pair[1])
+ tp = pair[1] + strlen(pair[1]) - 1;
+ while (tp >= pair[1] && (*tp == ' ' || *tp == '\t'))
*tp-- = '\0';
if (strcasecmp(pair[0], "anchor") == 0) {
authpf: fix dead whitespace-trim loop in read_config