Fix silly hole in zones file parsing

Tom Eastep 2009-08-30 08:05:10 -07:00
parent 57ca3591e5
commit 2bb92a79f3
5 changed files with 15 additions and 8 deletions


@ -49,7 +49,7 @@ our $export;
our $test; our $test;
our $family = F_IPV4; our $family;
# #
# Initilize the package-globals in the other modules # Initilize the package-globals in the other modules


@ -683,15 +683,16 @@ sub cleanup() {
# #
# Close files first in case we're running under Cygwin # Close files first in case we're running under Cygwin
# #
close $object if $object; close $object, $object = undef if $object;
close $scriptfile if $scriptfile; close $scriptfile, $scriptfile = undef if $scriptfile;
close $log if $log; close $log, $log = undef if $log;
# #
# Unlink temporary files # Unlink temporary files
# #
unlink $tempfile if $tempfile; unlink $tempfile, $tempfile = undef if $tempfile;
unlink $scriptfilename if $scriptfilename; unlink $scriptfilename, $scriptfilename = undef if $scriptfilename;
unlink $_ for @tempfiles; unlink $_ for @tempfiles;
@tempfiles = ();
} }
# #
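Review bot: The two rewritten `unlink` lines in this hunk appear to stop deleting the temporary files. `unlink` is a list operator, so `unlink $tempfile, $tempfile = undef` parses as `unlink( $tempfile, $tempfile = undef )`, and because Perl passes list elements by alias the assignment has already cleared the variable by the time `unlink` runs, leaving the file on disk. Parenthesise the argument so the assignment is a separate expression: `unlink( $tempfile ), $tempfile = undef if $tempfile;`, and likewise for `$scriptfilename`. The three `close` lines are unaffected because `close` takes a single operand and binds tighter than the comma. cleanup() starts above the hunk, so any earlier use of these variables is not visible here.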


@ -359,8 +359,8 @@ sub process_zone( \$ ) {
fatal_error "Invalid zone name ($zone)" if $reservedName{$zone} || $zone =~ /^all2|2all$/; fatal_error "Invalid zone name ($zone)" if $reservedName{$zone} || $zone =~ /^all2|2all$/;
fatal_error( "Duplicate zone name ($zone)" ) if $zones{$zone}; fatal_error( "Duplicate zone name ($zone)" ) if $zones{$zone};
if ( $type =~ /ipv([46])?/i ) { if ( $type =~ /^ip(v([46]))?$/i ) {
fatal_error "Invalid zone type ($type)" if $1 && $1 != $family; fatal_error "Invalid zone type ($type)" if $1 && $2 != $family;
$type = IP; $type = IP;
$$ip = 1; $$ip = 1;
} elsif ( $type =~ /^ipsec([46])?$/i ) { } elsif ( $type =~ /^ipsec([46])?$/i ) {
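Review bot: In the rewritten `ip` branch, `$1` now only signals that a `v…` suffix was present while `$2` carries the family digit, which is easy to misread next to the `ipsec` branch below where `$1` is the digit. A non-capturing group keeps the two branches parallel: `if ( $type =~ /^ip(?:v([46]))?$/i ) {` with `if $1 && $1 != $family` on the following line. `$` still matches before a trailing newline, so `\z` would be the stricter end anchor if `$type` can ever carry one (not visible here). A short comment that bare `ip` is accepted for either address family would also record the intent of the optional group. process_zone continues outside the hunk.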


@ -29,6 +29,8 @@ Changes in Shorewall 4.4.1
14) Fix rule generated by MULTICAST=Yes 14) Fix rule generated by MULTICAST=Yes
15) Fix silly hole in zones file parsing.
Changes in Shorewall 4.4.0 Changes in Shorewall 4.4.0
1) Fix 'compile ... -' so that it no longer requires '-v-1' 1) Fix 'compile ... -' so that it no longer requires '-v-1'


@ -255,6 +255,10 @@ None.
/etc/shorewall/interfaces, multicast traffic will now be sent to /etc/shorewall/interfaces, multicast traffic will now be sent to
the zone along with limited broadcasts. the zone along with limited broadcasts.
5) A flaw in the parsing logic for the zones file allowed most zone
types containing the character string 'ip' to be accepted as a
synonym for 'ipv4' (or ipv6 if compiling an IPv6 configuration).
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
N E W F E A T U R E S I N 4 . 4 N E W F E A T U R E S I N 4 . 4
---------------------------------------------------------------------------- ----------------------------------------------------------------------------