Actions
Bug #11762
closed
Invalid combinations of TCP flag matching options cause ``pfctl`` parser error
Start date:
03/31/2021
Due date:
% Done:
100%
Estimated time:
Plus Target Version:
21.05
Release Notes:
Default
Affected Version:
2.5.0
Affected Architecture:
Description
There were error(s) loading the rules: /tmp/rules.debug:170: flags always false - The line in question reads [170]: pass in quick on $SYNC inet proto tcp from 7.7.7.7 to any tracker 1617182080 flags SAUEW/P keep state label "USER_RULE: testflags" @ 2021-03-31 15:02:16
input validation must check TCP flags for condition:
https://github.com/pfsense/FreeBSD-src/blob/da3fcfc9b768892ebf17aa92bd10761e2c76a72d/sbin/pfctl/parse.y#L891
Updated by Jim Pingle about 3 years ago
- Subject changed from pfctl parser error if TCP 'out of' flags < TCP 'set' flags to Invalid combinations of TCP flag matching options cause ``pfctl`` parser error
- Target version set to CE-Next
Updating subject for release notes
Updated by Viktor Gurov about 3 years ago
extra input validation:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/214
Updated by Jim Pingle about 3 years ago
- Status changed from New to Pull Request Review
Updated by Viktor Gurov almost 3 years ago
- Status changed from Pull Request Review to Feedback
- % Done changed from 0 to 100
Applied in changeset 6a6b7b0b804d1d3d14d02775efb1fe2bb621a73f.
Updated by Jim Pingle almost 3 years ago
- Target version changed from CE-Next to 2.6.0
Updated by Danilo Zrenjanin almost 3 years ago
- Status changed from Feedback to Resolved
Tested on the latest release. It looks good.
Ticket resolved.
Updated by Jim Pingle almost 3 years ago
- Target version changed from 2.6.0 to 2.5.2
Updated by
Actions