diff options
| author |   frantzen <frantzen@openbsd.org> | 2002-06-18 20:07:58 +0000 |
|---|---|---|
| committer | frantzen <frantzen@openbsd.org> | 2002-06-18 20:07:58 +0000 |
| commit | 507c7f85c8bd5b59f62801abcc714a3d408b3136 (patch) | |
| tree | aadb91055be0816e1672a7bbd2f57e9753a3e41b | |
| parent | Fix double-free. (diff) | |
| download | wireguard-openbsd-507c7f85c8bd5b59f62801abcc714a3d408b3136.tar.xz wireguard-openbsd-507c7f85c8bd5b59f62801abcc714a3d408b3136.zip | |
don't allow individual keep state rules to specify timeouts for 'interval' and
'frag' -- they aren't applied anyway
ok dhartmei@ and henning@
| -rw-r--r-- | sbin/pfctl/parse.y | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y index 6697c7ff989..ca323aeda81 100644 --- a/sbin/pfctl/parse.y +++ b/sbin/pfctl/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.101 2002/06/16 23:22:18 aaron Exp $ */ +/* $OpenBSD: parse.y,v 1.102 2002/06/18 20:07:58 frantzen Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -1104,6 +1104,10 @@ state_opt_item : MAXIMUM NUMBER { yyerror("illegal timeout name %s", $1); YYERROR; } + if (strchr(pf_timeouts[i].name, '.') == NULL) { + yyerror("illegal state timeout %s", $1); + YYERROR; + } if ($2 < 0) { yyerror("illegal timeout value %d", $2); YYERROR; |