From 18f4b11b094d455aec4cbdbda8636a1cd7864339 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Mon, 11 Apr 2011 16:25:19 -0700 Subject: [PATCH] Don't allow '\!0' in the PROTO column --- Shorewall/Perl/Shorewall/Chains.pm | 2 ++ Shorewall/releasenotes.txt | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm index 870c25c5b..7fc6bf0f6 100644 --- a/Shorewall/Perl/Shorewall/Chains.pm +++ b/Shorewall/Perl/Shorewall/Chains.pm @@ -2225,6 +2225,8 @@ sub do_proto( $$$;$ ) # # Protocol is numeric and <= 65535 or is defined in /etc/protocols or NSS equivalent # + fatal_error "'!0' not allowed in the PROTO column" if $invert && ! $protonum; + my $pname = proto_name( $proto = $protonum ); # # $proto now contains the protocol number and $pname contains the canonical name of the protocol diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 3df3b6066..3021c65f5 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -49,6 +49,10 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES WARNING: Param line (export OLDPWD) ignored at /usr/share/shorewall/Shorewall/Config.pm line 2993. +9) A fatal error is now raised if '!0' appears in the PROTO column of + files that have that column. This avoids an iptables-restore + failure at run time. + ---------------------------------------------------------------------------- I I. K N O W N P R O B L E M S R E M A I N I N G ----------------------------------------------------------------------------
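Review bot: The new `fatal_error` in do_proto quotes a literal '!0', but the comment just above it says this branch is also reached for names resolved through /etc/protocols or NSS, so an inverted name that maps to protocol 0 would be rejected with a message showing text the user never typed. Consider naming the offending value and making the numeric test explicit, e.g. `fatal_error "Inverted protocol 0 ('!$proto') not allowed in the PROTO column" if $invert && $protonum == 0;`, which assumes `$proto` still holds the user's token with the '!' already stripped; the following `$proto = $protonum` hints at this but the hunk does not show it. A one-line why-comment such as `# iptables-restore rejects an inverted protocol 0, so fail at compile time` would keep the reason next to the check. The assignments of `$invert` and `$protonum` and the enclosing condition lie outside the hunk, so whether `$protonum` can be undefined here (which would make `== 0` warn) cannot be confirmed from this view.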