authorhshoexer <hshoexer@openbsd.org>2007-05-10 06:10:04 +0000
committerhshoexer <hshoexer@openbsd.org>2007-05-10 06:10:04 +0000
commitd758587cffc56b5bb6ef60930aab1dc65aaad87f (patch)
treeb0aca2a04edee54958404f50cfcc3c96f30d443d
parentalso print where (primary) swap and dumps are; ok miod (diff)
Do not crash when lists include the "any" keyword. Reported by
<ralf.horstmann at gmx.net>, thanks! Slightly different fix. Also add a regression test. ok mpf@
-rw-r--r--regress/sbin/ipsecctl/Makefile4
-rw-r--r--regress/sbin/ipsecctl/ike58.in1
-rw-r--r--regress/sbin/ipsecctl/ike58.ok57
-rw-r--r--sbin/ipsecctl/parse.y3
4 files changed, 62 insertions, 3 deletions
diff --git a/regress/sbin/ipsecctl/Makefile b/regress/sbin/ipsecctl/Makefile
index fd13187819b..72adeee3f8e 100644
--- a/regress/sbin/ipsecctl/Makefile
+++ b/regress/sbin/ipsecctl/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.48 2007/03/16 20:51:01 markus Exp $
+# $OpenBSD: Makefile,v 1.49 2007/05/10 06:10:04 hshoexer Exp $
# you can update the *.ok files with: make -i | patch
# TARGETS
@@ -19,7 +19,7 @@ IKEFAIL=1 3 4 5 6 7 8 9 10 11 12
IKETESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
IKETESTS+=16 17 18 19 20 21 22 23
IKETESTS+=29 30 31 32 33 34 35 36 37 38 39 40
-IKETESTS+=41 42 43 46 47 48 49 50 51 52 53 54 55 56 57
+IKETESTS+=41 42 43 46 47 48 49 50 51 52 53 54 55 56 57 58
IKEDELTESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
IKEDELTESTS+=16 17 18 19 20 21 22 23
diff --git a/regress/sbin/ipsecctl/ike58.in b/regress/sbin/ipsecctl/ike58.in
new file mode 100644
index 00000000000..546522ba2d1
--- /dev/null
+++ b/regress/sbin/ipsecctl/ike58.in
@@ -0,0 +1 @@
+ike from { any, ::/0 } to any
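Review bot: The single input line puts `any` only at the head of the `from` list, so the regression test covers one position of the keyword. If the crash came from appending to an element whose `tail` was unset, as the parse.y change suggests, then `any` as a later list member is a separate path and deserves its own case, for example a constructed line such as `ike from { ::/0, any } to any`. The matching ike58.ok also records the `IPsec-::/0-::/0` section twice, presumably because `any` and `::/0` overlap; a short comment line in the input saying the duplicate is expected would keep a later reader from treating it as a bug.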
diff --git a/regress/sbin/ipsecctl/ike58.ok b/regress/sbin/ipsecctl/ike58.ok
new file mode 100644
index 00000000000..55716265dd3
--- /dev/null
+++ b/regress/sbin/ipsecctl/ike58.ok
@@ -0,0 +1,57 @@
+C set [Phase 1]:Default=peer-default force
+C set [peer-default]:Phase=1 force
+C set [peer-default]:Configuration=mm-default force
+C set [mm-default]:EXCHANGE_TYPE=ID_PROT force
+C add [mm-default]:Transforms=AES-SHA-RSA_SIG force
+C set [IPsec-0.0.0.0/0-0.0.0.0/0]:Phase=2 force
+C set [IPsec-0.0.0.0/0-0.0.0.0/0]:ISAKMP-peer=peer-default force
+C set [IPsec-0.0.0.0/0-0.0.0.0/0]:Configuration=qm-0.0.0.0/0-0.0.0.0/0 force
+C set [IPsec-0.0.0.0/0-0.0.0.0/0]:Local-ID=lid-0.0.0.0/0 force
+C set [IPsec-0.0.0.0/0-0.0.0.0/0]:Remote-ID=rid-0.0.0.0/0 force
+C set [qm-0.0.0.0/0-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
+C set [qm-0.0.0.0/0-0.0.0.0/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [lid-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
+C set [lid-0.0.0.0/0]:Network=0.0.0.0 force
+C set [lid-0.0.0.0/0]:Netmask=0.0.0.0 force
+C set [rid-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
+C set [rid-0.0.0.0/0]:Network=0.0.0.0 force
+C set [rid-0.0.0.0/0]:Netmask=0.0.0.0 force
+C add [Phase 2]:Connections=IPsec-0.0.0.0/0-0.0.0.0/0
+C set [Phase 1]:Default=peer-default force
+C set [peer-default]:Phase=1 force
+C set [peer-default]:Configuration=mm-default force
+C set [mm-default]:EXCHANGE_TYPE=ID_PROT force
+C add [mm-default]:Transforms=AES-SHA-RSA_SIG force
+C set [IPsec-::/0-::/0]:Phase=2 force
+C set [IPsec-::/0-::/0]:ISAKMP-peer=peer-default force
+C set [IPsec-::/0-::/0]:Configuration=qm-::/0-::/0 force
+C set [IPsec-::/0-::/0]:Local-ID=lid-::/0 force
+C set [IPsec-::/0-::/0]:Remote-ID=rid-::/0 force
+C set [qm-::/0-::/0]:EXCHANGE_TYPE=QUICK_MODE force
+C set [qm-::/0-::/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [lid-::/0]:ID-type=IPV6_ADDR_SUBNET force
+C set [lid-::/0]:Network=:: force
+C set [lid-::/0]:Netmask=:: force
+C set [rid-::/0]:ID-type=IPV6_ADDR_SUBNET force
+C set [rid-::/0]:Network=:: force
+C set [rid-::/0]:Netmask=:: force
+C add [Phase 2]:Connections=IPsec-::/0-::/0
+C set [Phase 1]:Default=peer-default force
+C set [peer-default]:Phase=1 force
+C set [peer-default]:Configuration=mm-default force
+C set [mm-default]:EXCHANGE_TYPE=ID_PROT force
+C add [mm-default]:Transforms=AES-SHA-RSA_SIG force
+C set [IPsec-::/0-::/0]:Phase=2 force
+C set [IPsec-::/0-::/0]:ISAKMP-peer=peer-default force
+C set [IPsec-::/0-::/0]:Configuration=qm-::/0-::/0 force
+C set [IPsec-::/0-::/0]:Local-ID=lid-::/0 force
+C set [IPsec-::/0-::/0]:Remote-ID=rid-::/0 force
+C set [qm-::/0-::/0]:EXCHANGE_TYPE=QUICK_MODE force
+C set [qm-::/0-::/0]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [lid-::/0]:ID-type=IPV6_ADDR_SUBNET force
+C set [lid-::/0]:Network=:: force
+C set [lid-::/0]:Netmask=:: force
+C set [rid-::/0]:ID-type=IPV6_ADDR_SUBNET force
+C set [rid-::/0]:Network=:: force
+C set [rid-::/0]:Netmask=:: force
+C add [Phase 2]:Connections=IPsec-::/0-::/0
diff --git a/sbin/ipsecctl/parse.y b/sbin/ipsecctl/parse.y
index be9f4bcade3..48344759d39 100644
--- a/sbin/ipsecctl/parse.y
+++ b/sbin/ipsecctl/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.122 2007/03/16 20:51:01 markus Exp $ */
+/* $OpenBSD: parse.y,v 1.123 2007/05/10 06:10:04 hshoexer Exp $ */
/*
* Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -495,6 +495,7 @@ host : STRING {
err(1, "host: calloc");
ipa->af = AF_UNSPEC;
ipa->netaddress = 1;
+ ipa->tail = ipa;
$$ = ipa;
}
| '{' host_list '}' { $$ = $2; }
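Review bot: The added `ipa->tail = ipa;` restores the list invariant only in this `any` branch of `host`, and nothing in the hunk states that every wrapper returned from `host` must carry a non-NULL `tail`. I would put a comment on the new line, `/* single-element list: tail points at itself so host_list can append */`, so the requirement is visible where the object is built. The other places that allocate these wrappers are outside this hunk and presumably already set `tail`, but they are worth checking for the same omission, since a NULL `tail` here makes the tool crash while loading IPsec policy instead of reporting a parse error. The `host` rule begins before the hunk and continues past it.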