holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Detect double exclusion in ipset expressions

Browse Source
This commit is contained in:
Tom Eastep 2011-05-03 13:24:41 -07:00
parent 368fe46932
commit 349960294c
1 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -3227,9 +3227,13 @@ sub addnatjump( $$$ ) {
# where an element of the list might be +ipset[flag,...] or +[ipset[flag,...],...] # where an element of the list might be +ipset[flag,...] or +[ipset[flag,...],...]
# #
sub mysplit( $ ) { sub mysplit( $ ) {
my @input = split_list $_[0], 'host'; my $input = $_[0];
return @input unless $_[0] =~ /\[/; my @input = split_list $input, 'host';
return @input unless $input =~ /\[/;
my $exclude = 0;
my @result; my @result;
@ -3242,7 +3246,11 @@ sub mysplit( $ ) {
$element .= ( ',' . shift @input ); $element .= ( ',' . shift @input );
} }
fatal_error "Invalid host list ($input)" if $exclude && $element =~ /!/;
$exclude ||= $element =~ /^!/ || $element =~ /\]!/;
fatal_error "Mismatched [...] ($element)" unless $element =~ tr/[/[/ == $element =~ tr/]/]/; fatal_error "Mismatched [...] ($element)" unless $element =~ tr/[/[/ == $element =~ tr/]/]/;
} else {
$exclude ||= $element =~ /!/;
} }
push @result, $element; push @result, $element;