mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-26 17:43:15 +01:00
Disallow bare COMMENT, SECTION and FORMAT lines
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
40d1d86d2c
commit
80acdd2836
@ -433,14 +433,9 @@ sub process_accounting_rule( ) {
|
|||||||
|
|
||||||
fatal_error 'ACTION must be specified' if $action eq '-';
|
fatal_error 'ACTION must be specified' if $action eq '-';
|
||||||
|
|
||||||
if ( $action eq 'SECTION' ) {
|
|
||||||
section_warning;
|
|
||||||
process_section( $chain );
|
|
||||||
} else {
|
|
||||||
for my $proto ( split_list $protos, 'Protocol' ) {
|
for my $proto ( split_list $protos, 'Protocol' ) {
|
||||||
$nonempty |= process_accounting_rule1( $action, $chain, $source, $dest, $proto, $ports, $sports, $user, $mark, $ipsec, $headers );
|
$nonempty |= process_accounting_rule1( $action, $chain, $source, $dest, $proto, $ports, $sports, $user, $mark, $ipsec, $headers );
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
$nonempty;
|
$nonempty;
|
||||||
}
|
}
|
||||||
|
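Review bot: With the `if ( $action eq 'SECTION' )` branch gone, process_accounting_rule no longer rejects a bare SECTION line by name; the line is handed to `process_accounting_rule1` as an ordinary action, and whether that ends in a fatal error is decided outside this hunk. Since the commit title says these lines are disallowed, an explicit guard right after the ACTION check would make the compiler fail closed with an actionable message, for example `fatal_error "'SECTION' is no longer supported - use '?SECTION'" if $action eq 'SECTION';`. The same applies to the `SECTION` line removed from process_raw_rule and to the bare COMMENT and FORMAT blocks dropped from read_a_line. There, a `FORMAT n` line that is no longer honoured would presumably leave the rest of the file parsed under the previous format unless something later rejects it. The enclosing functions start and end outside the visible hunks.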
@ -153,12 +153,10 @@ our %EXPORT_TAGS = ( internal => [ qw( create_temp_script
|
|||||||
run_user_exit2
|
run_user_exit2
|
||||||
generate_aux_config
|
generate_aux_config
|
||||||
format_warning
|
format_warning
|
||||||
process_comment
|
|
||||||
no_comment
|
no_comment
|
||||||
macro_comment
|
macro_comment
|
||||||
dump_mark_layout
|
dump_mark_layout
|
||||||
set_section_function
|
set_section_function
|
||||||
section_warning
|
|
||||||
clear_section_function
|
clear_section_function
|
||||||
directive_callback
|
directive_callback
|
||||||
|
|
||||||
@ -563,9 +561,6 @@ our $comment; # Current COMMENT
|
|||||||
our $comments_allowed; # True if [?]COMMENT is allowed in the current file
|
our $comments_allowed; # True if [?]COMMENT is allowed in the current file
|
||||||
our $nocomment; # When true, ignore [?]COMMENT in the current file
|
our $nocomment; # When true, ignore [?]COMMENT in the current file
|
||||||
our $warningcount; # Used to suppress duplicate warnings about missing COMMENT support
|
our $warningcount; # Used to suppress duplicate warnings about missing COMMENT support
|
||||||
our $warningcount1; # Used to suppress duplicate warnings about COMMENT being deprecated
|
|
||||||
our $warningcount2; # Used to suppress duplicate warnings about FORMAT being deprecated
|
|
||||||
our $warningcount3; # Used to suppress duplicate warnings about SECTION being deprecated
|
|
||||||
our $checkinline; # The -i option to check/compile/etc.
|
our $checkinline; # The -i option to check/compile/etc.
|
||||||
our $directive_callback; # Function to call in compiler_directive
|
our $directive_callback; # Function to call in compiler_directive
|
||||||
|
|
||||||
@ -706,9 +701,6 @@ sub initialize( $;$$) {
|
|||||||
#
|
#
|
||||||
$comment = '';
|
$comment = '';
|
||||||
$warningcount = 0;
|
$warningcount = 0;
|
||||||
$warningcount1 = 0;
|
|
||||||
$warningcount2 = 0;
|
|
||||||
$warningcount3 = 0;
|
|
||||||
#
|
#
|
||||||
# Misc Globals
|
# Misc Globals
|
||||||
#
|
#
|
||||||
@ -2227,28 +2219,8 @@ sub split_line($$) {
|
|||||||
&split_line1( @_, {} );
|
&split_line1( @_, {} );
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
|
||||||
# Generate a FORMAT warning
|
|
||||||
#
|
|
||||||
sub format_warning() {
|
|
||||||
warning_message "'FORMAT' is deprecated in favor of '?FORMAT' - consider running '$product update -D'" unless $warningcount2++;
|
|
||||||
}
|
|
||||||
|
|
||||||
#
|
|
||||||
# Process a COMMENT line (in $currentline)
|
|
||||||
#
|
|
||||||
sub have_capability( $;$ );
|
sub have_capability( $;$ );
|
||||||
|
|
||||||
sub process_comment() {
|
|
||||||
if ( have_capability( 'COMMENTS' ) ) {
|
|
||||||
warning_message "'COMMENT' is deprecated in favor of '?COMMENT' - consider running '$product update -D'" unless $warningcount1++;
|
|
||||||
( $comment = $currentline ) =~ s/^\s*COMMENT\s*//;
|
|
||||||
$comment =~ s/\s*$//;
|
|
||||||
} else {
|
|
||||||
warning_message "COMMENTs ignored -- require comment support in iptables/Netfilter" unless $warningcount++;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# Returns True if there is a current COMMENT or if COMMENTS are not available.
|
# Returns True if there is a current COMMENT or if COMMENTS are not available.
|
||||||
#
|
#
|
||||||
@ -2304,13 +2276,6 @@ sub clear_section_function() {
|
|||||||
$section_function = undef;
|
$section_function = undef;
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
|
||||||
# Generate a SECTION warning
|
|
||||||
#
|
|
||||||
sub section_warning() {
|
|
||||||
warning_message "'SECTION' is deprecated in favor of '?SECTION' - consider running '$product update -D'" unless $warningcount3++;
|
|
||||||
}
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# Open a file, setting $currentfile. Returns the file's absolute pathname if the file
|
# Open a file, setting $currentfile. Returns the file's absolute pathname if the file
|
||||||
# exists, is non-empty and was successfully opened. Terminates with a fatal error
|
# exists, is non-empty and was successfully opened. Terminates with a fatal error
|
||||||
@ -3428,27 +3393,6 @@ sub read_a_line($) {
|
|||||||
#
|
#
|
||||||
$currentline =~ s/\s*$//;
|
$currentline =~ s/\s*$//;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( $comments_allowed && $currentline =~ /^\s*COMMENT\b/ ) {
|
|
||||||
process_comment unless $nocomment;
|
|
||||||
$directive_callback->( 'COMMENT', $currentline ) if $directive_callback;
|
|
||||||
$currentline = '';
|
|
||||||
$currentlinenumber = 0;
|
|
||||||
next
|
|
||||||
}
|
|
||||||
|
|
||||||
if ( $max_format > 1 && $currentline =~ /^\s*FORMAT\s+(.+)/ ) {
|
|
||||||
format_warning;
|
|
||||||
my $format = $1;
|
|
||||||
fatal_error( "Invalid format ($format)" ) unless $format =~ /\d+/;
|
|
||||||
fatal_error( "Format must be between 1 and $max_format" ) unless $format && $format <= $max_format;
|
|
||||||
$file_format = $format;
|
|
||||||
$directive_callback->( 'FORMAT', $currentline ) if $directive_callback;
|
|
||||||
$currentline = '';
|
|
||||||
$currentlinenumber = 0;
|
|
||||||
next
|
|
||||||
}
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# Line not blank -- Handle any first-entry message/capabilities check
|
# Line not blank -- Handle any first-entry message/capabilities check
|
||||||
#
|
#
|
||||||
|
@ -3272,8 +3272,6 @@ sub process_raw_rule ( ) {
|
|||||||
|
|
||||||
|
|
||||||
fatal_error 'ACTION must be specified' if $target eq '-';
|
fatal_error 'ACTION must be specified' if $target eq '-';
|
||||||
|
|
||||||
section_warning, process_section( $source ), return 1 if $target eq 'SECTION';
|
|
||||||
#
|
#
|
||||||
# Section Names are optional so once we get to an actual rule, we need to be sure that
|
# Section Names are optional so once we get to an actual rule, we need to be sure that
|
||||||
# we close off any missing sections.
|
# we close off any missing sections.
|
||||||
|