More defense against silly lists
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8116 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
7b4abdba94
commit
3cad33ea20
@ -858,7 +858,7 @@ sub find_file($)
|
||||
sub split_list( $$ ) {
|
||||
my ($list, $type ) = @_;
|
||||
|
||||
fatal_error "Invalid $type list ($list)" if $list =~ /^,/ or $list =~/,$/ or $list =~ /,,/;
|
||||
fatal_error "Invalid $type list ($list)" if $list =~ /^,|,$|,,|!,|,!$/;
|
||||
|
||||
split /,/, $list;
|
||||
}
|
||||
|
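Review bot: The combined pattern `/^,|,$|,,|!,|,!$/` in split_list still accepts a list that is just `!`, and an empty string, so `split` returns `('!')` or an empty list without reaching fatal_error. Whether callers reject those cases is not visible on this page; if they do not, the alternation could be extended, e.g. `if $list eq '' or $list =~ /^,|,$|,,|!,|,!$|^!$/;`. A short comment above the check listing what each alternative rejects (leading comma, trailing comma, empty element, `!` followed by nothing) would make the single regex easier to audit than the three separate tests it replaces.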
@ -91,6 +91,7 @@ sub validate_net( $$ ) {
|
||||
my ($net, $vlsm, $rest) = split( '/', $_[0], 3 );
|
||||
my $allow_name = $_[1];
|
||||
|
||||
fatal_error "Missing address" if $net eq '';
|
||||
fatal_error "An ipset name ($net) is not allowed in this context" if substr( $net, 0, 1 ) eq '+';
|
||||
|
||||
if ( defined $vlsm ) {
|
||||
|
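Review bot: The ipset check in validate_net (apparently the line this hunk adds) tests only the first character of `$net`, so an entry carrying an exclusion prefix, such as `!+name`, is not rejected by it. split_list's pattern allows a leading `!`, and setup_ecn passes each list item to `validate_net( $host , 1 )` with names allowed, so whether such an entry is refused depends on the rest of the function, which continues outside the hunk. If that form is meant to be caught here, `if $net =~ /^!?\+/` would cover it. The check is also unconditional, so a one-line comment noting that ipset names are refused regardless of `$allow_name` would help.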
@ -176,7 +176,8 @@ sub setup_ecn()
|
||||
|
||||
$hosts = ALLIPv4 if $hosts eq '-';
|
||||
|
||||
for my $host( split_list $hosts, 'host' ) {
|
||||
for my $host( split_list $hosts, 'address' ) {
|
||||
validate_net( $host , 1 );
|
||||
push @hosts, [ $interface, $host ];
|
||||
}
|
||||
}
|
||||
|