In the non-optimized case, an address list containing "any" (ie. { any 10.0.0.1 })

should be folded in the parser to any, not to 10.0.0.1.  How long this bug has
been with us is unclear.
ok guenther mcbride

2 files changed, 14 insertions, 5 deletions

diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index 6b25add1ff8..a6802f8ee55 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -1,4 +1,4 @@
-/*	$OpenBSD: parse.y,v 1.578 2009/12/24 10:06:35 sobrado Exp $	*/
+/*	$OpenBSD: parse.y,v 1.579 2010/01/10 07:45:41 deraadt Exp $	*/
 
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
@@ -2676,11 +2676,13 @@ ipspec		: ANY				{ $$ = NULL; }
 
 host_list	: ipspec optnl			{ $$ = $1; }
 		| host_list comma ipspec optnl	{
-			if ($3 == NULL)
+			if ($1 == NULL) {
+				freehostlist($3);
 				$$ = $1;
-			else if ($1 == NULL)
+			} else if ($3 == NULL) {
+				freehostlist($1);
 				$$ = $3;
-			else {
+			} else {
 				$1->tail->next = $3;
 				$1->tail = $3->tail;
 				$$ = $1;
@@ -4834,6 +4836,12 @@ expand_skip_interface(struct node_if *interfaces)
 		return (0);
 }
 
+void
+freehostlist(struct node_host *h)
+{
+	FREE_LIST(struct node_host, h);
+}
+
 #undef FREE_LIST
 #undef LOOP_THROUGH
 
diff --git a/sbin/pfctl/pfctl_parser.h b/sbin/pfctl/pfctl_parser.h
index 8b7eca95a2d..9e37f2202c7 100644
--- a/sbin/pfctl/pfctl_parser.h
+++ b/sbin/pfctl/pfctl_parser.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pfctl_parser.h,v 1.89 2009/09/01 13:42:00 henning Exp $ */
+/*	$OpenBSD: pfctl_parser.h,v 1.90 2010/01/10 07:45:41 deraadt Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -123,6 +123,7 @@ struct node_host {
 	struct node_host	*next;
 	struct node_host	*tail;
 };
+void	freehostlist(struct node_host *);
 
 struct node_os {
 	char			*os;