From b2842ae8d45fa8d0db744e8e0550867bc9e3d860 Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Mon, 5 Mar 2012 15:42:53 -0800
Subject: [PATCH] Don't allow reserved variables to be set in params

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/Perl/Shorewall/Config.pm | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm
index d9eecdcb8..6571397ab 100644
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@@ -3381,6 +3381,8 @@ sub unsupported_yes_no_warning( $ ) {
 sub get_params() {
     my $fn = find_file 'params';
 
+    my %reserved = ( COMMAND => 1, CONFDIR => 1, SHAREDIR => 1, VARDIR => 1 );
+
     if ( -f $fn ) {
 	progress_message2 "Processing $fn ...";
 
@@ -3484,6 +3486,11 @@ sub get_params() {
 	    }
 	}
 
+	for ( keys %params ) {
+	    fatal_error "The variable name $_ is reserved and may not be set in the params file"
+		if /^SW_/ || /^SHOREWALL_/ || ( exists $config{$_} && ! exists $ENV{$_} ) || exists $reserved{$_};
+	}
+
 	if ( $debug ) {
 	    print "PARAMS:\n";
 	    my $value;