From daa036ab29b3b631024303b79474dba44bcc1380 Mon Sep 17 00:00:00 2001 From: dlg Date: Mon, 28 Mar 2022 02:58:06 +0000 Subject: [PATCH] tweak the pflog ifname filter to include the terminating nul. without this the code effectively just compares the start of the string, which means you can get a prefix match unexpectedly. including the nul in the comparison means it only works for whole interface names, as it was originally intended. reported by Aner Perez on misc@ ok deraadt@ (who also dug through the history behind this) --- lib/libpcap/gencode.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/libpcap/gencode.c b/lib/libpcap/gencode.c index d15f17403d5..572e48d1f7a 100644 --- a/lib/libpcap/gencode.c +++ b/lib/libpcap/gencode.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gencode.c,v 1.60 2022/02/13 20:02:30 otto Exp $ */ +/* $OpenBSD: gencode.c,v 1.61 2022/03/28 02:58:06 dlg Exp $ */ /* * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998 @@ -3230,7 +3230,7 @@ gen_pf_ifname(char *ifname) len - 1); /* NOTREACHED */ } - b0 = gen_bcmp(off, strlen(ifname), ifname); + b0 = gen_bcmp(off, strlen(ifname) + 1, ifname); return (b0); } -- 2.20.1