ipfw: fix parsing error in nat config port_range

Also fix the corresponding tests.

PR:		263240
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D57010

sbin/ipfw/ipfw.8

@@ -1,5 +1,5 @@
 .\"
-.Dd March 1, 2026
+.Dd May 21, 2026
 .Dt IPFW 8
 .Os
 .Sh NAME
@@ -3519,6 +3519,7 @@ Obey transparent proxy rules only, packet aliasing is not performed.
 Skip instance in case of global state lookup (see below).
 .It Cm port_range Ar lower-upper
 Set the aliasing ports between the ranges given.
+Ports must be in the range 1024-65535.
 Upper port has to be greater than lower.
 .It Cm udp_eim
 When enabled, UDP packets use endpoint-independent mapping (EIM) from RFC 4787

sbin/ipfw/nat.c

@@ -757,25 +757,28 @@ nat_show_cfg(struct nat44_cfg_nat *n, void *arg __unused)
 }
 
 static int
-nat_port_alias_parse(char *str, u_short *lpout, u_short *hpout) {
+nat_port_alias_parse(char *str, u_short *lpout, u_short *hpout)
+{
 	long lp, hp;
-	char *ptr;
+	char *ptr, *substr;
+
+	substr = strsep(&str, "-");
+	if (substr == NULL || str == NULL)
+		return (0);
+
 	/* Lower port parsing */
-	lp = (long) strtol(str, &ptr, 10);
-	if (lp < 1024 || lp > 65535)
-		return 0;
-	if (!ptr || *ptr != '-')
-		return 0;
+	lp = (long) strtol(substr, &ptr, 0);
+	if (*ptr != '\0' || lp < 1024 || lp > 65535)
+		return (0);
+
 	/* Upper port parsing */
-	hp = (long) strtol(ptr, &ptr, 10);
-	if (hp < 1024 || hp > 65535)
-		return 0;
-	if (ptr)
-		return 0;
+	hp = (long) strtol(str, &ptr, 0);
+	if (*ptr != '\0' || hp < 1024 || hp > 65535)
+		return (0);
 
 	*lpout = (u_short) lp;
 	*hpout = (u_short) hp;
-	return 1;
+	return (1);
 }
 
 void