Don't allow '\!0' in the PROTO column

2024-12-19 21:01:20 +01:00 · 2011-04-11 16:25:19 -07:00 · 2011-04-11 16:25:19 -07:00 · 18f4b11b09
commit 18f4b11b09
parent 73754521b1
2 changed files with 6 additions and 0 deletions
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@ -2225,6 +2225,8 @@ sub do_proto( $$$;$ )
 	    #
 	    # Protocol is numeric and <= 65535 or is defined in /etc/protocols or NSS equivalent
 	    #
+	    fatal_error "'!0' not allowed in the PROTO column" if $invert && ! $protonum;
+
 	    my $pname = proto_name( $proto = $protonum );
 	    #
 	    # $proto now contains the protocol number and $pname contains the canonical name of the protocol
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -49,6 +49,10 @@ VI.   PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
       WARNING: Param line (export OLDPWD) ignored at 
                /usr/share/shorewall/Shorewall/Config.pm line 2993.

+9)  A fatal error is now raised if '!0' appears in the PROTO column of
+    files that have that column. This avoids an iptables-restore
+    failure at run time.
+
 ----------------------------------------------------------------------------
           I I.  K N O W N   P R O B L E M S   R E M A I N I N G
 ----------------------------------------------------------------------------