extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-13 05:06:55 +02:00
Code Issues Packages Projects Releases Wiki Activity

Improve validation and reporting in the net list processing.

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2010-10-05 16:20:07 -07:00
parent da886142f9
commit 3d90c63528
1 changed files with 18 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -3278,6 +3278,14 @@ sub set_global_variables( $ ) {
} }
} }
#
# Issue an invalid list error message
#
sub invalid_network_list ( $$ ) {
my ( $srcdst, $list ) = @_;
fatal_error "Invalid $srcdst network list ($list)";
}
# #
# Split a network element into the net part and exclusion part (if any) # Split a network element into the net part and exclusion part (if any)
# #
@ -3292,12 +3300,14 @@ sub split_network( $$$ ) {
my $element = shift @input; my $element = shift @input;
if ( $element =~ /\[/ ) { if ( $element =~ /\[/ ) {
while ( $element =~ tr/[/[/ > $element =~ tr/]/]/ ) { my $openbrackets;
while ( ( $openbrackets = ( $element =~ tr/[/[/ ) ) > $element =~ tr/]/]/ ) {
fatal_error "Missing ']' ($element)" unless @input; fatal_error "Missing ']' ($element)" unless @input;
$element .= ( '!' . shift @input ); $element .= ( '!' . shift @input );
} }
fatal_error "Mismatched [...] ($element)" unless $element =~ tr/[/[/ == $element =~ tr/]/]/; fatal_error "Mismatched [...] ($element)" unless $openbrackets == $element =~ tr/]/]/;
} }
push @result, $element; push @result, $element;
@ -3306,7 +3316,7 @@ sub split_network( $$$ ) {
@result = @input; @result = @input;
} }
fatal_error "Invalid $srcdst ($list)" if @result > 2; invalid_network_list( $srcdst, $list ) if @result > 2;
@result; @result;
} }
@ -3325,13 +3335,15 @@ sub handle_network_list( $$ ) {
for ( @nets ) { for ( @nets ) {
if ( /!/ ) { if ( /!/ ) {
if ( /^!(.*)$/ ) { if ( /^!(.*)$/ ) {
fatal_error "Invalid $srcdst ($list)" if ( $nets || $excl ); invalid_network_list( $srcdst, $list) if ( $nets || $excl );
$excl = $1; $excl = $1;
} else { } else {
fatal_error "Invalid $srcdst ($list)" if $excl;
my ( $temp1, $temp2 ) = split_network $_, $srcdst, $list; my ( $temp1, $temp2 ) = split_network $_, $srcdst, $list;
$nets = $nets ? join(',', $nets, $temp1 ) : $temp1; $nets = $nets ? join(',', $nets, $temp1 ) : $temp1;
$excl = $temp2 if $temp2; if ( $temp2 ) {
invalid_network_list( $srcdst, $list) if $excl;
$excl = $temp2;
}
} }
} elsif ( $excl ) { } elsif ( $excl ) {
$excl .= ",$_"; $excl .= ",$_";