From 024c1fbd08abdcbc4cb7d361b01276f43e2d9d82 Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Sat, 25 Jun 2011 10:51:17 -0700
Subject: [PATCH] Validate first argument to the default actions

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/action.Drop   | 16 ++++++++++------
 Shorewall/action.Reject | 16 ++++++++++------
 2 files changed, 20 insertions(+), 12 deletions(-)

diff --git a/Shorewall/action.Drop b/Shorewall/action.Drop
index dab331390..d91fe3cda 100644
--- a/Shorewall/action.Drop
+++ b/Shorewall/action.Drop
@@ -43,12 +43,16 @@ my ( $p1, $p2, $p3 , $p4, $p5, $p6 ) = get_action_params( 6 );
 
 fatal_error "Too many parameters to Drop" if defined $p6;
 
-if ( defined $p1 && $p1 eq 'audit' ) {
-   set_action_param( 2, 'A_REJECT')   unless defined( $p2 ) && $p2 ne '-';
-   set_action_param( 3, 'A_DROP')     unless defined( $p3 ) && $p3 ne '-';
-   set_action_param( 4, 'A_ACCEPT' )  unless defined( $p4 ) && $p4 ne '-';
-   set_action_param( 5, 'A_DROP' )    unless defined( $p5 ) && $p5 ne '-';
-};
+if ( defined $p1 ) { 
+    if ( $p1 eq 'audit' ) {
+	set_action_param( 2, 'A_REJECT')   unless defined( $p2 ) && $p2 ne '-';
+	set_action_param( 3, 'A_DROP')     unless defined( $p3 ) && $p3 ne '-';
+	set_action_param( 4, 'A_ACCEPT' )  unless defined( $p4 ) && $p4 ne '-';
+	set_action_param( 5, 'A_DROP' )    unless defined( $p5 ) && $p5 ne '-';
+    } else {
+	fatal_error "Invalid value ($p1) for first Drop parameter" unless $p1 eq '-';
+    }
+}
 
 1;
 
diff --git a/Shorewall/action.Reject b/Shorewall/action.Reject
index 287bda61a..06c751add 100644
--- a/Shorewall/action.Reject
+++ b/Shorewall/action.Reject
@@ -39,12 +39,16 @@ my ( $p1, $p2, $p3 , $p4, $p5, $p6 ) = get_action_params( 6 );
 
 fatal_error "Too many parameters to Reject" if defined $p6;
 
-if ( defined $p1 && $p1 eq 'audit' ) {
-   set_action_param( 2, 'A_REJECT')  unless defined( $p2 ) && $p2 ne '-';
-   set_action_param( 3, 'A_REJECT')  unless defined( $p3 ) && $p3 ne '-';
-   set_action_param( 4, 'A_ACCEPT' ) unless defined( $p5 ) && $p4 ne '-';
-   set_action_param( 5, 'A_DROP' )   unless defined( $p5 ) && $p5 ne '-';
-};
+if ( defined $p1 ) { 
+    if ( $p1 eq 'audit' ) {
+	set_action_param( 2, 'A_REJECT')  unless defined( $p2 ) && $p2 ne '-';
+	set_action_param( 3, 'A_REJECT')  unless defined( $p3 ) && $p3 ne '-';
+	set_action_param( 4, 'A_ACCEPT' ) unless defined( $p5 ) && $p4 ne '-';
+	set_action_param( 5, 'A_DROP' )   unless defined( $p5 ) && $p5 ne '-';
+    } else {
+	fatal_error "Invalid value ($p1) for first Reject parameter" unless $p1 eq '-';
+    }
+}
 
 1;