From 47dc4afdc09716f1c3d802090ba6821f2267e3f1 Mon Sep 17 00:00:00 2001
From: jamie <jamie@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
Date: Wed, 29 Aug 2012 18:40:12 +0000
Subject: [PATCH] MFS r239854 (including MFC r239601, r239602, r239621):

 Remember that I'm using length-defined strings in parameters:

  Don't include the null terminator when recomputing the parameter
  length when stripping the netmask from IP addresses.  This was
  causing later addresses in a comma-separated string to disappear.

  Use memcpy instead of strcpy.  This could just cause Bad Things.

  Add a null byte when comma-combining array parameters.

  Pre-separate IP addresses passed on the command line, so they can be
  properly parsed for interface prefixes and netmask suffixes.  This was
  already done for the old-style (fixed) command line, but missed for
  the new-style.

PR:		170832
Approved by:	re (kib)


git-svn-id: svn://svn.freebsd.org/base/releng/9.1@239871 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
---
 usr.sbin/jail/config.c | 13 ++++++-------
 usr.sbin/jail/jail.c   | 28 ++++++++++++++++++++++++++--
 2 files changed, 32 insertions(+), 9 deletions(-)

diff --git a/usr.sbin/jail/config.c b/usr.sbin/jail/config.c
index 16f50956..d983675f 100644
--- a/usr.sbin/jail/config.c
+++ b/usr.sbin/jail/config.c
@@ -596,7 +596,7 @@ check_intparams(struct cfjail *j)
 					error = -1;	
 				}
 				*cs = '\0';
-				s->len = cs - s->s + 1;
+				s->len = cs - s->s;
 			}
 		}
 	}
@@ -620,7 +620,7 @@ check_intparams(struct cfjail *j)
 					error = -1;	
 				}
 				*cs = '\0';
-				s->len = cs - s->s + 1;
+				s->len = cs - s->s;
 			}
 		}
 	}
@@ -712,12 +712,11 @@ import_params(struct cfjail *j)
 			value = alloca(vallen);
 			cs = value;
 			TAILQ_FOREACH_SAFE(s, &p->val, tq, ts) {
-				strcpy(cs, s->s);
-				if (ts != NULL) {
-					cs += s->len + 1;
-					cs[-1] = ',';
-				}
+				memcpy(cs, s->s, s->len);
+				cs += s->len + 1;
+				cs[-1] = ',';
 			}
+			value[vallen - 1] = '\0';
 		}
 		if (jailparam_import(jp, value) < 0) {
 			error = -1;
diff --git a/usr.sbin/jail/jail.c b/usr.sbin/jail/jail.c
index 4fc03c91..91c4988f 100644
--- a/usr.sbin/jail/jail.c
+++ b/usr.sbin/jail/jail.c
@@ -304,9 +304,33 @@ main(int argc, char **argv)
 				for (i++; i < argc; i++)
 					add_param(NULL, NULL, IP_COMMAND,
 					    argv[i]);
-				break;
 			}
-			add_param(NULL, NULL, 0, argv[i]);
+#ifdef INET
+			else if (!strncmp(argv[i], "ip4.addr=", 9)) {
+				for (cs = argv[i] + 9;; cs = ncs + 1) {
+					ncs = strchr(cs, ',');
+					if (ncs)
+						*ncs = '\0';
+					add_param(NULL, NULL, KP_IP4_ADDR, cs);
+					if (!ncs)
+						break;
+				}
+			}
+#endif
+#ifdef INET6
+			else if (!strncmp(argv[i], "ip6.addr=", 9)) {
+				for (cs = argv[i] + 9;; cs = ncs + 1) {
+					ncs = strchr(cs, ',');
+					if (ncs)
+						*ncs = '\0';
+					add_param(NULL, NULL, KP_IP6_ADDR, cs);
+					if (!ncs)
+						break;
+				}
+			}
+#endif
+			else
+				add_param(NULL, NULL, 0, argv[i]);
 		}
 	} else {
 		/* From the config file, perhaps with a specified jail */
-- 
2.42.0