Prevent invalid interface specifiers on queue rules

pf.conf(5) states that queues attach to actual interfaces only, yet the
following parses:

	# echo queue eq on egress bandwidth 1G default | pfctl -f-
	# pfctl -sq
	pfctl: DIOCGETQSTATS: Bad file descriptor

	# echo queue rq on rdomain 0 bandwidth 1G default | pfctl -vf-
	queue rq bandwidth 1G default
	# pfctl -sq
	pfctl: DIOCGETQSTATS: Bad file descriptor

On rdomains, ifa_exists() returns NULL.
On interface groups, ifa_exists() returns non-NULL but af is never set
to AF_LINK.

OK henning sashan

diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index 0dfe9c6..949613f 100644 (file)
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -1,4 +1,4 @@
-/*     $OpenBSD: parse.y,v 1.679 2018/07/11 07:39:22 krw Exp $ */
+/*     $OpenBSD: parse.y,v 1.680 2018/07/11 18:06:25 kn Exp $  */
 
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
@@ -1326,12 +1326,20 @@ table_host_list : tablespec optnl                       { $$ = $1; }
                }
                ;
 
-queuespec      : QUEUE STRING interface queue_opts             {
-                       if ($3 == NULL && $4.parent == NULL) {
+queuespec      : QUEUE STRING ON if_item queue_opts            {
+                       struct node_host        *n;
+
+                       if ($4 == NULL && $5.parent == NULL) {
                                yyerror("root queue without interface");
                                YYERROR;
                        }
-                       expand_queue($2, $3, &$4);
+                       if ((n = ifa_exists($4->ifname)) == NULL ||
+                           n->af != AF_LINK) {
+                               yyerror("not an interface");
+                               YYERROR;
+                       }
+
+                       expand_queue($2, $4, &$5);
                }
                ;