From b16787cd5ff04bebbd46348c0cddc3478316a28a Mon Sep 17 00:00:00 2001
From: Michael Nickerson <darkshadow02@me.com>
Date: Thu, 7 Dec 2023 19:12:11 -0500
Subject: [PATCH] Fix for OpenBSD 7.4

Fixes a change made in OpenBSD 7.4
---
 miniupnpd/pf/obsdrdr.c   | 66 ++++++++++++++++++++++++++++++++++++++--
 miniupnpd/pf/pfpinhole.c | 53 +++++++++++++++++++++++++++++---
 2 files changed, 112 insertions(+), 7 deletions(-)

diff --git a/miniupnpd/pf/obsdrdr.c b/miniupnpd/pf/obsdrdr.c
index 86c67f2..e9e05aa 100644
--- a/miniupnpd/pf/obsdrdr.c
+++ b/miniupnpd/pf/obsdrdr.c
@@ -1,8 +1,8 @@
-/* $Id: obsdrdr.c,v 1.101 2022/02/19 19:15:24 nanard Exp $ */
+/* $Id: obsdrdr.c,v 1.102 2023/12/07 18:56:32 nanard Exp $ */
 /* vim: tabstop=4 shiftwidth=4 noexpandtab
  * MiniUPnP project
  * http://miniupnp.free.fr/ or https://miniupnp.tuxfamily.org/
- * (c) 2006-2022 Thomas Bernard
+ * (c) 2006-2023 Thomas Bernard
  * This software is subject to the conditions detailed
  * in the LICENCE file provided within the distribution */
 
@@ -74,6 +74,17 @@
 #error "USE_PF macro is undefined, check consistency between config.h and Makefile"
 #else
 
+#if defined(PF_NEWSTYLE) && defined(DIOCXEND)
+#define PF_RELEASETICKETS
+#define release_ticket(device, ticket_num) {\
+	if (ioctl((device), DIOCXEND, &(ticket_num)) < 0) {\
+		syslog(LOG_ERR, "ioctl(dev, DIOCXEND, ...): %m");\
+	}\
+}
+#else
+#define release_ticket(device, ticket_num)	(void)(ticket_num)
+#endif
+
 /* list to keep timestamps for port mappings having a lease duration */
 struct timestamp_entry {
 	struct timestamp_entry * next;
@@ -463,6 +474,7 @@ static int
 delete_nat_rule(const char * ifname, unsigned short iport, int proto, in_addr_t iaddr)
 {
 	int i, n;
+	unsigned int tnum;
 	struct pfioc_rule pr;
 	UNUSED(ifname);
 	if(dev<0) {
@@ -483,12 +495,16 @@ delete_nat_rule(const char * ifname, unsigned short iport, int proto, in_addr_t
 		goto error;
 	}
 	n = pr.nr;
+#ifdef PF_RELEASETICKETS
+	tnum = pr.ticket;
+#endif /* PF_RELEASETICKETS */
 	for(i=0; i<n; i++)
 	{
 		pr.nr = i;
 		if(ioctl(dev, DIOCGETRULE, &pr) < 0)
 		{
 			syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m");
+			release_ticket(dev, tnum);
 			goto error;
 		}
 #ifdef TEST
@@ -504,6 +520,7 @@ delete_nat_rule(const char * ifname, unsigned short iport, int proto, in_addr_t
 			if(ioctl(dev, DIOCCHANGERULE, &pr) < 0)
 			{
 				syslog(LOG_ERR, "ioctl(dev, DIOCCHANGERULE, ...) PF_CHANGE_GET_TICKET: %m");
+				release_ticket(dev, tnum);
 				goto error;
 			}
 			pr.action = PF_CHANGE_REMOVE;
@@ -511,11 +528,14 @@ delete_nat_rule(const char * ifname, unsigned short iport, int proto, in_addr_t
 			if(ioctl(dev, DIOCCHANGERULE, &pr) < 0)
 			{
 				syslog(LOG_ERR, "ioctl(dev, DIOCCHANGERULE, ...) PF_CHANGE_REMOVE: %m");
+				release_ticket(dev, tnum);
 				goto error;
 			}
+			release_ticket(dev, tnum);
 			return 0;
 		}
 	}
+	release_ticket(dev, tnum);
 	syslog(LOG_NOTICE, "could not find nat rule to delete iport=%hu addr=%8x", iport, ntohl(iaddr));
 error:
 	return -1;
@@ -827,6 +847,7 @@ get_redirect_rule_count(const char * ifname)
 		syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m");
 		return -1;
 	}
+	release_ticket(dev, pr.ticket);
 	return pr.nr;
 }
 
@@ -842,6 +863,7 @@ get_redirect_rule(const char * ifname, unsigned short eport, int proto,
                   u_int64_t * packets, u_int64_t * bytes)
 {
 	int i, n;
+	unsigned int tnum;
 	struct pfioc_rule pr;
 #ifndef PF_NEWSTYLE
 	struct pfioc_pooladdr pp;
@@ -863,12 +885,16 @@ get_redirect_rule(const char * ifname, unsigned short eport, int proto,
 		goto error;
 	}
 	n = pr.nr;
+#ifdef PF_RELEASETICKETS
+	tnum = pr.ticket;
+#endif /* PF_RELEASETICKETS */
 	for(i=0; i<n; i++)
 	{
 		pr.nr = i;
 		if(ioctl(dev, DIOCGETRULE, &pr) < 0)
 		{
 			syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m");
+			release_ticket(dev, tnum);
 			goto error;
 		}
 #ifdef __APPLE__
@@ -954,9 +980,11 @@ get_redirect_rule(const char * ifname, unsigned short eport, int proto,
 			}
 			if(timestamp)
 				*timestamp = get_timestamp(eport, proto);
+			release_ticket(dev, tnum);
 			return 0;
 		}
 	}
+	release_ticket(dev, tnum);
 error:
 	return -1;
 }
@@ -977,6 +1005,7 @@ priv_delete_redirect_rule_check_desc(const char * ifname, unsigned short eport,
                           int check_desc, const char * desc)
 {
 	int i, n;
+	unsigned int tnum;
 	struct pfioc_rule pr;
 	UNUSED(ifname);
 
@@ -995,12 +1024,16 @@ priv_delete_redirect_rule_check_desc(const char * ifname, unsigned short eport,
 		goto error;
 	}
 	n = pr.nr;
+#ifdef PF_RELEASETICKETS
+	tnum = pr.ticket;
+#endif /* PF_RELEASETICKETS */
 	for(i=0; i<n; i++)
 	{
 		pr.nr = i;
 		if(ioctl(dev, DIOCGETRULE, &pr) < 0)
 		{
 			syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m");
+			release_ticket(dev, tnum);
 			goto error;
 		}
 #ifdef __APPLE__
@@ -1074,6 +1107,7 @@ priv_delete_redirect_rule_check_desc(const char * ifname, unsigned short eport,
 			if(check_desc) {
 				if((desc == NULL && pr.rule.label[0] == '\0') ||
 				   (desc && 0 == strcmp(desc, pr.rule.label))) {
+					release_ticket(dev, tnum);
 					return 1;
 				}
 			}
@@ -1081,6 +1115,7 @@ priv_delete_redirect_rule_check_desc(const char * ifname, unsigned short eport,
         	if(ioctl(dev, DIOCCHANGERULE, &pr) < 0)
 			{
             	syslog(LOG_ERR, "ioctl(dev, DIOCCHANGERULE, ...) PF_CHANGE_GET_TICKET: %m");
+				release_ticket(dev, tnum);
 				goto error;
 			}
 			pr.action = PF_CHANGE_REMOVE;
@@ -1088,12 +1123,15 @@ priv_delete_redirect_rule_check_desc(const char * ifname, unsigned short eport,
 			if(ioctl(dev, DIOCCHANGERULE, &pr) < 0)
 			{
 				syslog(LOG_ERR, "ioctl(dev, DIOCCHANGERULE, ...) PF_CHANGE_REMOVE: %m");
+				release_ticket(dev, tnum);
 				goto error;
 			}
 			remove_timestamp_entry(eport, proto);
+			release_ticket(dev, tnum);
 			return 0;
 		}
 	}
+	release_ticket(dev, tnum);
 	syslog(LOG_NOTICE, "could not find redirect rule to delete eport=%hu", eport);
 error:
 	return -1;
@@ -1115,6 +1153,7 @@ priv_delete_filter_rule(const char * ifname, unsigned short iport,
 	return 0;
 #else
 	int i, n;
+	unsigned int tnum;
 	struct pfioc_rule pr;
 	UNUSED(ifname);
 	if(dev<0) {
@@ -1130,12 +1169,16 @@ priv_delete_filter_rule(const char * ifname, unsigned short iport,
 		goto error;
 	}
 	n = pr.nr;
+#ifdef PF_RELEASETICKETS
+	tnum = pr.ticket;
+#endif /* PF_RELEASETICKETS */
 	for(i=0; i<n; i++)
 	{
 		pr.nr = i;
 		if(ioctl(dev, DIOCGETRULE, &pr) < 0)
 		{
 			syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m");
+			release_ticket(dev, tnum);
 			goto error;
 		}
 #ifdef TEST
@@ -1153,6 +1196,7 @@ syslog(LOG_DEBUG, "%2d port=%hu proto=%d addr=%8x",
         	if(ioctl(dev, DIOCCHANGERULE, &pr) < 0)
 			{
             	syslog(LOG_ERR, "ioctl(dev, DIOCCHANGERULE, ...) PF_CHANGE_GET_TICKET: %m");
+				release_ticket(dev, tnum);
 				goto error;
 			}
 			pr.action = PF_CHANGE_REMOVE;
@@ -1160,11 +1204,14 @@ syslog(LOG_DEBUG, "%2d port=%hu proto=%d addr=%8x",
 			if(ioctl(dev, DIOCCHANGERULE, &pr) < 0)
 			{
 				syslog(LOG_ERR, "ioctl(dev, DIOCCHANGERULE, ...) PF_CHANGE_REMOVE: %m");
+				release_ticket(dev, tnum);
 				goto error;
 			}
+			release_ticket(dev, tnum);
 			return 0;
 		}
 	}
+	release_ticket(dev, tnum);
 	syslog(LOG_NOTICE, "could not find filter rule to delete iport=%hu addr=%8x", iport, ntohl(iaddr));
 error:
 	return -1;
@@ -1207,6 +1254,7 @@ get_redirect_rule_by_index(int index,
                            u_int64_t * packets, u_int64_t * bytes)
 {
 	int n;
+	unsigned int tnum;
 	struct pfioc_rule pr;
 #ifndef PF_NEWSTYLE
 	struct pfioc_pooladdr pp;
@@ -1230,10 +1278,14 @@ get_redirect_rule_by_index(int index,
 	n = pr.nr;
 	if(index >= n)
 		goto error;
+#ifdef PF_RELEASETICKETS
+	tnum = pr.ticket;
+#endif /* PF_RELEASETICKETS */
 	pr.nr = index;
 	if(ioctl(dev, DIOCGETRULE, &pr) < 0)
 	{
 		syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m");
+		release_ticket(dev, tnum);
 		goto error;
 	}
 	*proto = pr.rule.proto;
@@ -1318,6 +1370,7 @@ get_redirect_rule_by_index(int index,
 	}
 	if(timestamp)
 		*timestamp = get_timestamp(*eport, *proto);
+	release_ticket(dev, tnum);
 	return 0;
 error:
 	return -1;
@@ -1330,7 +1383,7 @@ get_portmappings_in_range(unsigned short startport, unsigned short endport,
                           int proto, unsigned int * number)
 {
 	unsigned short * array;
-	unsigned int capacity;
+	unsigned int capacity, tnum;
 	int i, n;
 	unsigned short eport;
 	struct pfioc_rule pr;
@@ -1359,6 +1412,9 @@ get_portmappings_in_range(unsigned short startport, unsigned short endport,
 		return NULL;
 	}
 	n = pr.nr;
+#ifdef PF_RELEASETICKETS
+	tnum = pr.ticket;
+#endif /* PF_RELEASETICKETS */
 	for(i=0; i<n; i++)
 	{
 		pr.nr = i;
@@ -1388,6 +1444,7 @@ get_portmappings_in_range(unsigned short startport, unsigned short endport,
 					syslog(LOG_ERR, "get_portmappings_in_range() : realloc(%lu) error", sizeof(unsigned short)*capacity);
 					*number = 0;
 					free(array);
+					release_ticket(dev, tnum);
 					return NULL;
 				}
 				array = tmp;
@@ -1396,6 +1453,7 @@ get_portmappings_in_range(unsigned short startport, unsigned short endport,
 			(*number)++;
 		}
 	}
+	release_ticket(dev, tnum);
 	return array;
 }
 
@@ -1470,6 +1528,7 @@ list_rules(void)
 	char buf[32];
 	char buf2[32];
 	int i, n;
+	unsigned int tnum;
 	struct pfioc_rule pr;
 #ifndef PF_NEWSTYLE
 	struct pfioc_pooladdr pp;
@@ -1536,6 +1595,7 @@ list_rules(void)
 		printf("  %s\n", inet_ntop(AF_INET, &pr.rule.rdr.addr.v.a.addr.v4.s_addr, buf, 32));
 #endif
 	}
+	release_ticket(dev, tnum);
 }
 #endif /* TEST */
 
diff --git a/miniupnpd/pf/pfpinhole.c b/miniupnpd/pf/pfpinhole.c
index 75f5c0a..c5a616e 100644
--- a/miniupnpd/pf/pfpinhole.c
+++ b/miniupnpd/pf/pfpinhole.c
@@ -1,8 +1,8 @@
-/* $Id: pfpinhole.c,v 1.29 2020/05/10 22:22:50 nanard Exp $ */
+/* $Id: pfpinhole.c,v 1.30 2023/12/07 18:56:48 nanard Exp $ */
 /* vim: tabstop=4 shiftwidth=4 noexpandtab
  * MiniUPnP project
  * http://miniupnp.free.fr/ or https://miniupnp.tuxfamily.org/
- * (c) 2012-2020 Thomas Bernard
+ * (c) 2012-2023 Thomas Bernard
  * This software is subject to the conditions detailed
  * in the LICENCE file provided within the distribution */
 
@@ -55,6 +55,17 @@ static int next_uid = 1;
 #define PINEHOLE_LABEL_FORMAT "pinhole-%d ts-%u: %s"
 #define PINEHOLE_LABEL_FORMAT_SKIPDESC "pinhole-%d ts-%u: %*s"
 
+#if defined(PF_NEWSTYLE) && defined(DIOCXEND)
+#define PF_RELEASETICKETS
+#define release_ticket(device, ticket_num) {\
+	if (ioctl((device), DIOCXEND, &(ticket_num)) < 0) {\
+		syslog(LOG_ERR, "ioctl(dev, DIOCXEND, ...): %m");\
+	}\
+}
+#else
+#define release_ticket(device, ticket_num)	(void)(ticket_num)
+#endif
+
 int add_pinhole(const char * ifname,
                 const char * rem_host, unsigned short rem_port,
                 const char * int_client, unsigned short int_port,
@@ -167,7 +178,7 @@ int find_pinhole(const char * ifname,
                  char *desc, int desc_len, unsigned int * timestamp)
 {
 	int uid;
-	unsigned int ts;
+	unsigned int ts, tnum;
 	int i, n;
 	struct pfioc_rule pr;
 	struct in6_addr saddr;
@@ -194,10 +205,14 @@ int find_pinhole(const char * ifname,
 		return -1;
 	}
 	n = pr.nr;
+#ifdef PF_RELEASETICKETS
+	tnum = pr.ticket;
+#endif /* PF_RELEASETICKETS */
 	for(i=0; i<n; i++) {
 		pr.nr = i;
 		if(ioctl(dev, DIOCGETRULE, &pr) < 0) {
 			syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m");
+			release_ticket(dev, tnum);
 			return -1;
 		}
 		if((proto == pr.rule.proto) && (rem_port == ntohs(pr.rule.src.port[0]))
@@ -216,15 +231,18 @@ int find_pinhole(const char * ifname,
 					strlcpy(desc, p, desc_len);
 				}
 			}
+			release_ticket(dev, tnum);
 			return uid;
 		}
 	}
+	release_ticket(dev, tnum);
 	return -2;
 }
 
 int delete_pinhole(unsigned short uid)
 {
 	int i, n;
+	unsigned int tnum;
 	struct pfioc_rule pr;
 	char label_start[PF_RULE_LABEL_SIZE];
 	char tmp_label[PF_RULE_LABEL_SIZE];
@@ -245,6 +263,9 @@ int delete_pinhole(unsigned short uid)
 		return -1;
 	}
 	n = pr.nr;
+#ifdef PF_RELEASETICKETS
+	tnum = pr.ticket;
+#endif
 	for(i=0; i<n; i++) {
 		pr.nr = i;
 		if(ioctl(dev, DIOCGETRULE, &pr) < 0) {
@@ -257,17 +278,21 @@ int delete_pinhole(unsigned short uid)
 			pr.action = PF_CHANGE_GET_TICKET;
 			if(ioctl(dev, DIOCCHANGERULE, &pr) < 0) {
 				syslog(LOG_ERR, "ioctl(dev, DIOCCHANGERULE, ...) PF_CHANGE_GET_TICKET: %m");
+				release_ticket(dev, tnum);
 				return -1;
 			}
 			pr.action = PF_CHANGE_REMOVE;
 			pr.nr = i;
 			if(ioctl(dev, DIOCCHANGERULE, &pr) < 0) {
 				syslog(LOG_ERR, "ioctl(dev, DIOCCHANGERULE, ...) PF_CHANGE_REMOVE: %m");
+				release_ticket(dev, tnum);
 				return -1;
 			}
+			release_ticket(dev, tnum);
 			return 0;
 		}
 	}
+	release_ticket(dev, tnum);
 	/* not found */
 	return -2;
 }
@@ -281,6 +306,7 @@ get_pinhole_info(unsigned short uid,
                  u_int64_t * packets, u_int64_t * bytes)
 {
 	int i, n;
+	unsigned int tnum;
 	struct pfioc_rule pr;
 	char label_start[PF_RULE_LABEL_SIZE];
 	char tmp_label[PF_RULE_LABEL_SIZE];
@@ -302,10 +328,14 @@ get_pinhole_info(unsigned short uid,
 		return -1;
 	}
 	n = pr.nr;
+#ifdef PF_RELEASETICKETS
+	tnum = pr.ticket;
+#endif
 	for(i=0; i<n; i++) {
 		pr.nr = i;
 		if(ioctl(dev, DIOCGETRULE, &pr) < 0) {
 			syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m");
+			release_ticket(dev, tnum);
 			return -1;
 		}
 		strlcpy(tmp_label, pr.rule.label, sizeof(tmp_label));
@@ -313,11 +343,13 @@ get_pinhole_info(unsigned short uid,
 		strsep(&p, " ");
 		if(0 == strcmp(tmp_label, label_start)) {
 			if(rem_host && (inet_ntop(AF_INET6, &pr.rule.src.addr.v.a.addr.v6, rem_host, rem_hostlen) == NULL)) {
+				release_ticket(dev, tnum);
 				return -1;
 			}
 			if(rem_port)
 				*rem_port = ntohs(pr.rule.src.port[0]);
 			if(int_client && (inet_ntop(AF_INET6, &pr.rule.dst.addr.v.a.addr.v6, int_client, int_clientlen) == NULL)) {
+				release_ticket(dev, tnum);
 				return -1;
 			}
 			if(int_port)
@@ -345,9 +377,11 @@ get_pinhole_info(unsigned short uid,
 			if(bytes)
 				*bytes = pr.rule.bytes;
 #endif
+			release_ticket(dev, tnum);
 			return 0;
 		}
 	}
+	release_ticket(dev, tnum);
 	/* not found */
 	return -2;
 }
@@ -370,7 +404,7 @@ int clean_pinhole_list(unsigned int * next_timestamp)
 	int i;
 	struct pfioc_rule pr;
 	time_t current_time;
-	unsigned int ts;
+	unsigned int ts, tnum;
 	int uid;
 	unsigned int min_ts = UINT_MAX;
 	int min_uid = INT_MAX, max_uid = -1;
@@ -390,10 +424,14 @@ int clean_pinhole_list(unsigned int * next_timestamp)
 		syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m");
 		return -1;
 	}
+#ifdef PF_RELEASETICKETS
+	tnum = pr.ticket;
+#endif
 	for(i = pr.nr - 1; i >= 0; i--) {
 		pr.nr = i;
 		if(ioctl(dev, DIOCGETRULE, &pr) < 0) {
 			syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m");
+			release_ticket(dev, tnum);
 			return -1;
 		}
 		if(sscanf(pr.rule.label, PINEHOLE_LABEL_FORMAT_SKIPDESC, &uid, &ts) != 2) {
@@ -405,22 +443,28 @@ int clean_pinhole_list(unsigned int * next_timestamp)
 			pr.action = PF_CHANGE_GET_TICKET;
 			if(ioctl(dev, DIOCCHANGERULE, &pr) < 0) {
 				syslog(LOG_ERR, "ioctl(dev, DIOCCHANGERULE, ...) PF_CHANGE_GET_TICKET: %m");
+				release_ticket(dev, tnum);
 				return -1;
 			}
 			pr.action = PF_CHANGE_REMOVE;
 			pr.nr = i;
 			if(ioctl(dev, DIOCCHANGERULE, &pr) < 0) {
 				syslog(LOG_ERR, "ioctl(dev, DIOCCHANGERULE, ...) PF_CHANGE_REMOVE: %m");
+				release_ticket(dev, tnum);
 				return -1;
 			}
 			n++;
 #ifndef PF_NEWSTYLE
 			pr.rule.action = PF_PASS;
 #endif
+			release_ticket(dev, tnum);
 			if(ioctl(dev, DIOCGETRULES, &pr) < 0) {
 				syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m");
 				return -1;
 			}
+#ifdef PF_RELEASETICKETS
+			tnum = pr.ticket;
+#endif
 		} else {
 			if(uid > max_uid)
 				max_uid = uid;
@@ -440,6 +484,7 @@ int clean_pinhole_list(unsigned int * next_timestamp)
 			next_uid = 1;
 		}
 	}
+	release_ticket(dev, tnum);
 	return n;	/* number of rules removed */
 }