mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-30 11:33:28 +01:00
Fix silly hole in zones file parsing
This commit is contained in:
parent
57ca3591e5
commit
2bb92a79f3
@ -49,7 +49,7 @@ our $export;
|
|||||||
|
|
||||||
our $test;
|
our $test;
|
||||||
|
|
||||||
our $family = F_IPV4;
|
our $family;
|
||||||
|
|
||||||
#
|
#
|
||||||
# Initilize the package-globals in the other modules
|
# Initilize the package-globals in the other modules
|
||||||
|
@ -683,15 +683,16 @@ sub cleanup() {
|
|||||||
#
|
#
|
||||||
# Close files first in case we're running under Cygwin
|
# Close files first in case we're running under Cygwin
|
||||||
#
|
#
|
||||||
close $object if $object;
|
close $object, $object = undef if $object;
|
||||||
close $scriptfile if $scriptfile;
|
close $scriptfile, $scriptfile = undef if $scriptfile;
|
||||||
close $log if $log;
|
close $log, $log = undef if $log;
|
||||||
#
|
#
|
||||||
# Unlink temporary files
|
# Unlink temporary files
|
||||||
#
|
#
|
||||||
unlink $tempfile if $tempfile;
|
unlink $tempfile, $tempfile = undef if $tempfile;
|
||||||
unlink $scriptfilename if $scriptfilename;
|
unlink $scriptfilename, $scriptfilename = undef if $scriptfilename;
|
||||||
unlink $_ for @tempfiles;
|
unlink $_ for @tempfiles;
|
||||||
|
@tempfiles = ();
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
|
@ -359,8 +359,8 @@ sub process_zone( \$ ) {
|
|||||||
fatal_error "Invalid zone name ($zone)" if $reservedName{$zone} || $zone =~ /^all2|2all$/;
|
fatal_error "Invalid zone name ($zone)" if $reservedName{$zone} || $zone =~ /^all2|2all$/;
|
||||||
fatal_error( "Duplicate zone name ($zone)" ) if $zones{$zone};
|
fatal_error( "Duplicate zone name ($zone)" ) if $zones{$zone};
|
||||||
|
|
||||||
if ( $type =~ /ipv([46])?/i ) {
|
if ( $type =~ /^ip(v([46]))?$/i ) {
|
||||||
fatal_error "Invalid zone type ($type)" if $1 && $1 != $family;
|
fatal_error "Invalid zone type ($type)" if $1 && $2 != $family;
|
||||||
$type = IP;
|
$type = IP;
|
||||||
$$ip = 1;
|
$$ip = 1;
|
||||||
} elsif ( $type =~ /^ipsec([46])?$/i ) {
|
} elsif ( $type =~ /^ipsec([46])?$/i ) {
|
||||||
|
@ -29,6 +29,8 @@ Changes in Shorewall 4.4.1
|
|||||||
|
|
||||||
14) Fix rule generated by MULTICAST=Yes
|
14) Fix rule generated by MULTICAST=Yes
|
||||||
|
|
||||||
|
15) Fix silly hole in zones file parsing.
|
||||||
|
|
||||||
Changes in Shorewall 4.4.0
|
Changes in Shorewall 4.4.0
|
||||||
|
|
||||||
1) Fix 'compile ... -' so that it no longer requires '-v-1'
|
1) Fix 'compile ... -' so that it no longer requires '-v-1'
|
||||||
|
@ -255,6 +255,10 @@ None.
|
|||||||
/etc/shorewall/interfaces, multicast traffic will now be sent to
|
/etc/shorewall/interfaces, multicast traffic will now be sent to
|
||||||
the zone along with limited broadcasts.
|
the zone along with limited broadcasts.
|
||||||
|
|
||||||
|
5) A flaw in the parsing logic for the zones file allowed most zone
|
||||||
|
types containing the character string 'ip' to be accepted as a
|
||||||
|
synonym for 'ipv4' (or ipv6 if compiling an IPv6 configuration).
|
||||||
|
|
||||||
----------------------------------------------------------------------------
|
----------------------------------------------------------------------------
|
||||||
N E W F E A T U R E S I N 4 . 4
|
N E W F E A T U R E S I N 4 . 4
|
||||||
----------------------------------------------------------------------------
|
----------------------------------------------------------------------------
|
||||||
|
Loading…
Reference in New Issue
Block a user