Don't need to copy strings around and hardcode the max table len from pf

internals, just assign a pointer (eventually from argv.)

while here also add a usage() function and error out if more than one
argument is passed.
Omar Polo 2022-09-19 20:23:32 +02:00 committed by Solene Rapenne
parent 550cfca6d1
commit 5ac1e2631b
2 changed files with 42 additions and 24 deletions


@ -1,6 +1,6 @@
PREFIX?=/usr/local
PREFIX = /usr/local
CFLAGS += -pedantic -Wall -Wextra -Wmissing-prototypes \
CFLAGS = -pedantic -Wall -Wextra -Wmissing-prototypes \
-Werror -Wshadow -Wstrict-overflow -fno-strict-aliasing \
-Wstrict-prototypes -Wwrite-strings \
-Os

main.c

@ -1,24 +1,32 @@
#include <sys/socket.h>
#include <sys/wait.h>
#include <netinet/in.h>
#include <err.h>
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <netdb.h>
#include <netinet/in.h>
#include <syslog.h>
#include <sys/wait.h>
#include <unistd.h>
#include <sys/socket.h>
#define DEFAULT_TABLE "iblocked"
#define TABLE_LEN 32 /* see PF_TABLE_NAME_SIZE in net/pfvar.h */
int main(int argc, char *argv[]){
static void __dead
usage(void)
{
fprintf(stderr, "usage: %s [table]\n", getprogname());
exit(1);
}
int
main(int argc, char *argv[])
{
struct sockaddr_storage sock = {0};
socklen_t slen = sizeof(sock);
char ip[INET6_ADDRSTRLEN] = {'\0'}; /* INET6_ADDRSTRLEN > INET_ADDRSTRLEN */
char table[TABLE_LEN] = DEFAULT_TABLE;
int status = 0;
const char *table = DEFAULT_TABLE;
int ch, status = 0;
pid_t id;
if (unveil("/usr/bin/doas", "rx") != 0)
@ -26,10 +34,20 @@ int main(int argc, char *argv[]){
if (pledge("exec inet proc stdio", NULL) != 0)
err(1, "pledge");
/* configuration */
if (argc == 2)
if (strlcpy(table, argv[1], TABLE_LEN) >= sizeof(table))
errx(1, "table name is too long");
while ((ch = getopt(argc, argv, "")) != -1) {
switch (ch) {
default:
usage();
}
}
argc -= optind;
argv += optind;
if (argc > 1)
usage();
if (argc == 1)
table = *argv;
/* get socket structure */
if (getpeername(STDIN_FILENO, (struct sockaddr *)&sock, &slen))
@ -40,7 +58,8 @@ int main(int argc, char *argv[]){
NULL, 0, NI_NUMERICHOST);
if (status != 0) {
syslog(LOG_DAEMON, "getnameinfo error");
syslog(LOG_DAEMON, "getnameinfo error: %s",
gai_strerror(status));
exit(1);
}
@ -57,7 +76,6 @@ int main(int argc, char *argv[]){
syslog(LOG_DAEMON, "blocking %s", ip);
execl("/usr/bin/doas", "doas", "/sbin/pfctl",
"-t", table, "-T", "add", ip, NULL);
} else {
// parent process
wait(NULL);
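Review bot: Removing the `strlcpy`/`errx(1, "table name is too long")` check in the configuration hunk means a table name taken from argv is no longer validated at startup at all; an empty or over-long name is presumably only rejected by pfctl inside the child, at block time and after `syslog(LOG_DAEMON, "blocking %s", ip)` has already been emitted, so a misconfigured invocation would surface per connection rather than at launch. Keeping the commit's intent of not hardcoding PF_TABLE_NAME_SIZE, at least reject the empty string before the assignment at `table = *argv;`, e.g. `if (argc == 1 && **argv == '\0') errx(1, "table name must not be empty");`. The execl error path is outside this section, so whether a pfctl failure is reported at all cannot be confirmed from here. Separately, the rewritten `syslog(LOG_DAEMON, "getnameinfo error: %s", gai_strerror(status));` passes a facility with no level, which logs at priority 0 (LOG_EMERG); `LOG_DAEMON | LOG_ERR` is the intended form, and the same applies to the pre-existing syslog calls. main's body starts in the first hunk and continues past the end of this section.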