extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-24 00:23:28 +01:00
Code Issues Packages Projects Releases Wiki Activity

More defense against silly lists

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8116 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2008-01-26 22:15:07 +00:00
parent 7b4abdba94
commit 3cad33ea20
3 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Shorewall-perl/Shorewall/Config.pm
View File

@ -858,7 +858,7 @@ sub find_file($)
sub split_list( $$ ) { sub split_list( $$ ) {
my ($list, $type ) = @_; my ($list, $type ) = @_;
fatal_error "Invalid $type list ($list)" if $list =~ /^,/ or $list =~/,$/ or $list =~ /,,/; fatal_error "Invalid $type list ($list)" if $list =~ /^,|,$|,,|!,|,!$/;
split /,/, $list; split /,/, $list;
} }

1
Shorewall-perl/Shorewall/IPAddrs.pm
View File

@ -91,6 +91,7 @@ sub validate_net( $$ ) {
my ($net, $vlsm, $rest) = split( '/', $_[0], 3 ); my ($net, $vlsm, $rest) = split( '/', $_[0], 3 );
my $allow_name = $_[1]; my $allow_name = $_[1];
fatal_error "Missing address" if $net eq '';
fatal_error "An ipset name ($net) is not allowed in this context" if substr( $net, 0, 1 ) eq '+'; fatal_error "An ipset name ($net) is not allowed in this context" if substr( $net, 0, 1 ) eq '+';
if ( defined $vlsm ) { if ( defined $vlsm ) {

3
Shorewall-perl/Shorewall/Rules.pm
View File

@ -176,7 +176,8 @@ sub setup_ecn()
$hosts = ALLIPv4 if $hosts eq '-'; $hosts = ALLIPv4 if $hosts eq '-';
for my $host( split_list $hosts, 'host' ) { for my $host( split_list $hosts, 'address' ) {
validate_net( $host , 1 );
push @hosts, [ $interface, $host ]; push @hosts, [ $interface, $host ];
} }
} }