From 2828b65326e5541ce50222d7af21d4acbcce97d2 Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Sun, 26 Sep 2010 07:56:55 -0700
Subject: [PATCH] Improve error message generated when a token beginning with '+' reaches validate_net()
Signed-off-by: Tom Eastep
---
 Shorewall/Perl/Shorewall/IPAddrs.pm | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)
diff --git a/Shorewall/Perl/Shorewall/IPAddrs.pm b/Shorewall/Perl/Shorewall/IPAddrs.pm
index 3f603490a..64e92e8f8 100644
--- a/Shorewall/Perl/Shorewall/IPAddrs.pm
+++ b/Shorewall/Perl/Shorewall/IPAddrs.pm
@@ -184,7 +184,16 @@ sub validate_4net( $$ ) {
 $net = '' unless defined $net;
 fatal_error "Missing address" if $net eq '';
- fatal_error "An ipset name ($net) is not allowed in this context" if substr( $net, 0, 1 ) eq '+';
+
+ if ( $net =~ /\+(\[?)/ ) {
+ if ( $1 ) {
+ fatal_error "An ipset list ($net) is not allowed in this context";
+ } elsif ( $net =~ /^\+[a-zA-Z][-\w]+$/ ) {
+ fatal_error "An ipset name ($net) is not allowed in this context";
+ } else {
+ fatal_error "Invalid ipset name ($net)";
+ }
+ }
 if ( defined $vlsm ) {
 fatal_error "Invalid VLSM ($vlsm)" unless $vlsm =~ /^\d+$/ && $vlsm <= 32;
@@ -540,7 +549,15 @@ sub validate_6net( $$ ) {
 my ($net, $vlsm, $rest) = split( '/', $_[0], 3 );
 my $allow_name = $_[1];
- fatal_error "An ipset name ($net) is not allowed in this context" if substr( $net, 0, 1 ) eq '+';
+ if ( $net =~ /\+(\[?)/ ) {
+ if ( $1 ) {
+ fatal_error "An ipset list ($net) is not allowed in this context";
+ } elsif ( $net =~ /^\+[a-zA-Z][-\w]+$/ ) {
+ fatal_error "An ipset name ($net) is not allowed in this context";
+ } else {
+ fatal_error "Invalid ipset name ($net)";
+ }
+ }
 if ( defined $vlsm ) {
 fatal_error "Invalid VLSM ($vlsm)" unless $vlsm =~ /^\d+$/ && $vlsm <= 128;
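Review bot: The new guard `if ( $net =~ /\+(\[?)/ )` in validate_4net is unanchored, so it fires on a '+' anywhere in the token, whereas the line it replaces tested only the first character with `substr( $net, 0, 1 ) eq '+'`. A malformed address with an embedded '+' would now be reported as "Invalid ipset name", and `$1` only reflects a '[' that directly follows the first '+' found. Anchoring keeps the improved messages and matches the commit's stated scope of tokens beginning with '+': `if ( $net =~ /^\+(\[?)/ ) {`; the identical pattern in the validate_6net hunk needs the same change. Separately, `[-\w]+` in the elsif requires at least two characters after the '+', so a one-letter set name lands in the "Invalid ipset name" branch; confirm that matches the naming rule used elsewhere. Both function bodies continue outside their hunks.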
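Review bot: validate_6net applies `$net =~ /\+(\[?)/` without the empty-token guard that validate_4net shows just above the same check. For an empty first argument `split` returns nothing, so `$net` would be undefined in the match and in the interpolated messages. The removed `substr` line had the same exposure, so this is not new, but the rewrite is a natural place to close it. Unless callers already guarantee a non-empty token, consider adding `$net = '' unless defined $net;` and `fatal_error "Missing address" if $net eq '';` before the new block; the function body continues outside the hunk, so later handling is not visible here. Because the nine added lines are identical in both functions, moving them into one small shared helper would keep the IPv4 and IPv6 validation paths from drifting apart.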