Correct parsing of the hosts file:

1) Fixed IPv6 parsing of the HOSTS column
2) Properly detect IPv4 loopback violations

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2024-03-03 09:54:33 -08:00
parent 11fb1ab6cf
commit f21d8b2a27


@ -2207,24 +2207,25 @@ sub process_host( ) {
fatal_error "Invalid HOST(S) column contents: $hosts"; fatal_error "Invalid HOST(S) column contents: $hosts";
} }
} elsif ( $hosts =~ /^([\w.@%-]+\+?):<(.*)>$/ || } elsif ( $hosts =~ /^([\w.@%-]+\+?):<(.*)>$/ ||
$hosts =~ /^([\w.@%-]+\+?)\[(.*)\]$/ || $hosts =~ /^([\w.@%-]+\+?):\[(.*)\]$/ ||
$hosts =~ /^([\w.@%-]+\+?):(!?\[.+\](?:\/\d+)?)$/ || $hosts =~ /^([\w.@%-]+\+?):(!?\[.+\](?:\/\d+)?)$/ ||
$hosts =~ /^([\w.@%-]+\+?):(!?\+.*)$/ || $hosts =~ /^([\w.@%-]+\+?):(!?\+.*)$/ ||
$hosts =~ /^([\w.@%-]+\+?):(dynamic)$/ ) { $hosts =~ /^([\w.@%-]+\+?):(dynamic)$/ ) {
$interface = $1; $interface = $1;
$hosts = $2; $hosts = $2;
fatal_error "Unknown interface ($interface)" unless ($interfaceref = $interfaces{$interface}) && $interfaceref->{root}; fatal_error "Unknown interface ($interface)" unless ($interfaceref = $interfaces{$interface}) && $interfaceref->{root};
fatal_error "Unmanaged interfaces may not be associated with a zone" if $interfaceref->{unmanaged};
$interface = $interfaceref->{name}; $interface = $interfaceref->{name};
} else {
fatal_error "Invalid HOST(S) column contents: $hosts";
}
fatal_error "Unmanaged interfaces may not be associated with a zone" if $interfaceref->{unmanaged};
if ( $interfaceref->{physical} eq $loopback_interface ) { if ( $interfaceref->{physical} eq $loopback_interface ) {
fatal_error "Only a loopback zone may be associated with the loopback interface ($loopback_interface)" if $type != LOOPBACK; fatal_error "Only a loopback zone may be associated with the loopback interface ($loopback_interface)" if $type != LOOPBACK;
} else { } else {
fatal_error "Loopback zones may only be associated with the loopback interface ($loopback_interface)" if $type == LOOPBACK; fatal_error "Loopback zones may only be associated with the loopback interface ($loopback_interface)" if $type == LOOPBACK;
} }
} else {
fatal_error "Invalid HOST(S) column contents: $hosts"
}
if ( $hosts =~ /^!?\+/ ) { if ( $hosts =~ /^!?\+/ ) {
$zoneref->{complex} = 1; $zoneref->{complex} = 1;
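Review bot: In the IPv6 `elsif`, the alternative that now reads `/^([\w.@%-]+\+?):\[(.*)\]$/` is tested before `:(!?\[.+\](?:\/\d+)?)` and, with the colon added, it matches every un-negated bracketed value that has no `/n` suffix, so the greedy `(.*)` strips only the outermost brackets. An entry such as `eth0:[a],[b]` (constructed example) would leave `$hosts` as `a],[b`, where it previously fell through to the next alternative and kept its brackets; how later code treats that value is not visible here. If only a single bracketed group is meant to be unwrapped, restrict the capture, e.g. `$hosts =~ /^([\w.@%-]+\+?):\[([^\[\]]*)\]$/ ||`, and add a comment saying which alternative handles which HOSTS syntax. Separately, the unmanaged and loopback checks now appear to run after the whole if/elsif/else (the page has lost its +/- markers, so this is read from the right-hand copy), which means every earlier branch must leave `$interfaceref` set. The IPv4 branch and the rest of process_host are outside this hunk, so that should be confirmed there.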