From d5aaa66e0b3924829386930eef2e3e3c996ed8e0 Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Tue, 11 Oct 2016 10:56:41 -0700
Subject: [PATCH] Detect bad characters in interface names

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/Perl/Shorewall/Zones.pm | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Shorewall/Perl/Shorewall/Zones.pm b/Shorewall/Perl/Shorewall/Zones.pm
index 7709d2abb..3239362ab 100644
--- a/Shorewall/Perl/Shorewall/Zones.pm
+++ b/Shorewall/Perl/Shorewall/Zones.pm
@@ -1119,6 +1119,8 @@ sub process_interface( $$ ) {
 
     my ($interface, $port, $extra) = split /:/ , $originalinterface, 3;
 
+    fatal_error "Invalid interface name ($interface)" if $interface =~ /[()\[\]]\*\?/;
+
     fatal_error "Invalid INTERFACE ($originalinterface)" if ! $interface || defined $extra;
 
     if ( supplied $port ) {
@@ -1316,7 +1318,7 @@ sub process_interface( $$ ) {
 		fatal_error "The '$option' option requires a value" unless defined $value;
 
 		if ( $option eq 'physical' ) {
-		    fatal_error "Invalid Physical interface name ($value)" unless $value && $value !~ /%/;
+		    fatal_error "Invalid physical interface name ($interface)" if $interface =~ /[()\[\]]\*\?%/;
 		    fatal_error "Virtual interfaces ($value) are not supported" if $value =~ /:\d+$/;
 
 		    fatal_error "Duplicate physical interface name ($value)" if ( $interfaces{$value} && ! $port );