From 3cad33ea20f8d467504c03da24bb541f085b8462 Mon Sep 17 00:00:00 2001
From: teastep
Date: Sat, 26 Jan 2008 22:15:07 +0000
Subject: [PATCH] More defense against silly lists
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8116 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall-perl/Shorewall/Config.pm | 2 +-
 Shorewall-perl/Shorewall/IPAddrs.pm | 1 +
 Shorewall-perl/Shorewall/Rules.pm | 3 ++-
 3 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/Shorewall-perl/Shorewall/Config.pm b/Shorewall-perl/Shorewall/Config.pm
index 6ace9c998..7d6920308 100644
--- a/Shorewall-perl/Shorewall/Config.pm
+++ b/Shorewall-perl/Shorewall/Config.pm
@@ -858,7 +858,7 @@ sub find_file($)
 sub split_list( $$ ) {
 my ($list, $type ) = @_;
- fatal_error "Invalid $type list ($list)" if $list =~ /^,/ or $list =~/,$/ or $list =~ /,,/;
+ fatal_error "Invalid $type list ($list)" if $list =~ /^,|,$|,,|!,|,!$/;
 split /,/, $list;
 }
diff --git a/Shorewall-perl/Shorewall/IPAddrs.pm b/Shorewall-perl/Shorewall/IPAddrs.pm
index fcfbed934..0dce9b8fb 100644
--- a/Shorewall-perl/Shorewall/IPAddrs.pm
+++ b/Shorewall-perl/Shorewall/IPAddrs.pm
@@ -91,6 +91,7 @@ sub validate_net( $$ ) {
 my ($net, $vlsm, $rest) = split( '/', $_[0], 3 );
 my $allow_name = $_[1];
+ fatal_error "Missing address" if $net eq '';
 fatal_error "An ipset name ($net) is not allowed in this context" if substr( $net, 0, 1 ) eq '+';
 if ( defined $vlsm ) {
diff --git a/Shorewall-perl/Shorewall/Rules.pm b/Shorewall-perl/Shorewall/Rules.pm
index fc6ec5c2a..c9a3f9aa3 100644
--- a/Shorewall-perl/Shorewall/Rules.pm
+++ b/Shorewall-perl/Shorewall/Rules.pm
@@ -176,7 +176,8 @@ sub setup_ecn()
 $hosts = ALLIPv4 if $hosts eq '-';
- for my $host( split_list $hosts, 'host' ) {
+ for my $host( split_list $hosts, 'address' ) {
+ validate_net( $host , 1 );
 push @hosts, [ $interface, $host ];
 }
 }
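Review bot: In split_list (Config.pm), the new alternation `/^,|,$|,,|!,|,!$/` still lets a list that is exactly `!` through, and `split` then returns it as a single element. If a bare `!` is never meaningful to the callers (they are outside this hunk), add `|^!$` to the pattern. The five alternatives are also hard to read at a glance; a comment such as `# reject empty elements and a '!' with nothing to negate` above the check would record the intent.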
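Review bot: In validate_net (IPAddrs.pm), `$net` is undef rather than '' when `$_[0]` is the empty string, because `split` returns an empty list for empty input; the added `$net eq ''` test then fires only through an uninitialized-value comparison, and the message gives no hint of which entry was bad. Consider `fatal_error "Missing address in ($_[0])" unless defined $net && $net ne '';`. The function body continues past the end of the hunk.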
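Review bot: In setup_ecn (Rules.pm), the added `validate_net( $host , 1 )` passes a bare `1`, which per validate_net's `my $allow_name = $_[1];` appears to permit names as well as addresses, while the same change relabels the list as 'address' in the split_list call. If only literal addresses are intended in ecn entries, pass `0`; otherwise add `# 1 = allow_name` on the call so the choice is visible. The return value is discarded, so the call serves only as a check that dies on bad input; the loop's enclosing block starts outside the hunk.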