From 5d8989173be69e7ec763e46c7493f697f7320cf9 Mon Sep 17 00:00:00 2001 From: teastep Date: Sun, 1 Apr 2007 15:38:05 +0000 Subject: [PATCH] Check for minimum columns in split_line git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5785 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- New/Shorewall/Accounting.pm | 2 +- New/Shorewall/Actions.pm | 10 +++++----- New/Shorewall/Config.pm | 11 ++++++----- New/Shorewall/Hosts.pm | 2 +- New/Shorewall/Interfaces.pm | 2 +- New/Shorewall/Nat.pm | 6 +++--- New/Shorewall/Policy.pm | 2 +- New/Shorewall/Providers.pm | 10 ++-------- New/Shorewall/Proxyarp.pm | 2 +- New/Shorewall/Rules.pm | 20 ++++++++++---------- New/Shorewall/Tc.pm | 8 ++++---- New/Shorewall/Tunnels.pm | 2 +- New/Shorewall/Zones.pm | 2 +- 13 files changed, 37 insertions(+), 42 deletions(-) diff --git a/New/Shorewall/Accounting.pm b/New/Shorewall/Accounting.pm index bfed42e1b..bdc15b059 100644 --- a/New/Shorewall/Accounting.pm +++ b/New/Shorewall/Accounting.pm @@ -116,7 +116,7 @@ sub setup_accounting() { while ( read_a_line ) { - my ( $action, $chain, $source, $dest, $proto, $ports, $sports, $user ) = split_line 8, 'Accounting File'; + my ( $action, $chain, $source, $dest, $proto, $ports, $sports, $user ) = split_line 1, 8, 'Accounting File'; if ( $first_entry ) { progress_message2 "$doing $fn..."; diff --git a/New/Shorewall/Actions.pm b/New/Shorewall/Actions.pm index b0270e5d4..3914a308b 100644 --- a/New/Shorewall/Actions.pm +++ b/New/Shorewall/Actions.pm @@ -248,7 +248,7 @@ sub process_actions1() { open_file $file; while ( read_a_line ) { - my ( $action ) = split_line 1, 'action file'; + my ( $action ) = split_line 1, 1, 'action file'; if ( $action =~ /:/ ) { warning_message 'Default Actions are now specified in /etc/shorewall/shorewall.conf'; 
@@ -278,7 +278,7 @@ sub process_actions1() { while ( read_a_line ) { - my ($wholetarget, $source, $dest, $proto, $ports, $sports, $rate, $users ) = split_line 8, 'action file'; + my ($wholetarget, $source, $dest, $proto, $ports, $sports, $rate, $users ) = split_line 1, 8, 'action file'; my ( $target, $level ) = split_action $wholetarget; @@ -303,7 +303,7 @@ sub process_actions1() { push_open( $macrofile ); while ( read_a_line ) { - my ( $mtarget, $msource, $mdest, $mproto, $mports, $msports, $ mrate, $muser ) = split_line 8, 'macro file'; + my ( $mtarget, $msource, $mdest, $mproto, $mports, $msports, $ mrate, $muser ) = split_line 1, 8, 'macro file'; $mtarget =~ s/:.*$//; @@ -388,7 +388,7 @@ sub process_action3( $$$$$ ) { while ( read_a_line ) { - my ($target, $source, $dest, $proto, $ports, $sports, $rate, $user ) = split_line 8, 'action file'; + my ($target, $source, $dest, $proto, $ports, $sports, $rate, $user ) = split_line 1, 8, 'action file'; my $target2 = merge_levels $wholeaction, $target; @@ -424,7 +424,7 @@ sub process_action3( $$$$$ ) { while ( read_a_line ) { - my ( $mtarget, $msource, $mdest, $mproto, $mports, $msports, $mrate, $muser ) = split_line 8, 'macro file'; + my ( $mtarget, $msource, $mdest, $mproto, $mports, $msports, $mrate, $muser ) = split_line 1, 8, 'macro file'; if ( $mtarget =~ /^PARAM:?/ ) { fatal_error 'PARAM requires that a parameter be supplied in macro invocation' unless $param; diff --git a/New/Shorewall/Config.pm b/New/Shorewall/Config.pm index 4b9c6485a..2401631a8 100644 --- a/New/Shorewall/Config.pm +++ b/New/Shorewall/Config.pm 
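Review bot: The macro-file declaration in the `@@ -303` hunk of Actions.pm still reads `$ mrate`, with a space after the sigil, carried over unchanged from the removed line. The matching line in the process_action3 hunk at `@@ -424` spells it `$mrate`. Perl accepts the spaced form, but it reads as a typo and defeats a plain search for the variable, so the new line should use `$mrate` as well. process_actions1 starts and ends outside the hunk, so other uses of the variable are not visible here.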
@@ -291,16 +291,17 @@ my %no_pad = ( COMMENT => 1, # ensure that it has an appropriate number of columns. # supply '-' in omitted trailing columns. # -sub split_line( $$ ) { - my ( $columns, $description ) = @_; +sub split_line( $$$ ) { + my ( $mincolumns, $maxcolumns, $description ) = @_; my @line = split /\s+/, $line; return @line if $no_pad{$line[0]}; - fatal_error "Invalid $description entry (too many columns)" if @line > $columns; + fatal_error "Invalid $description entry (too few columns)" if @line < $mincolumns; + fatal_error "Invalid $description entry (too many columns)" if @line > $maxcolumns; - push @line, '-' while @line < $columns; + push @line, '-' while @line < $maxcolumns; @line; } @@ -687,7 +688,7 @@ sub get_configuration( $ ) { default 'OPTIMIZE' , 0; default 'IPSECFILE' , 'ipsec'; - fatal_error "IPSECFILE=ipsec is not supported by Shorewall-perl ' . $globals{VERSION} unless $config{IPSECFILE} eq 'zones'; + fatal_error 'IPSECFILE=ipsec is not supported by Shorewall-perl ' . $globals{VERSION} unless $config{IPSECFILE} eq 'zones'; for my $default qw/DROP_DEFAULT REJECT_DEFAULT QUEUE_DEFAULT ACCEPT_DEFAULT/ { $config{$default} = 'none' if "\L$config{$default}" eq 'none'; diff --git a/New/Shorewall/Hosts.pm b/New/Shorewall/Hosts.pm index 945fe9c97..33ca0cf17 100644 --- a/New/Shorewall/Hosts.pm +++ b/New/Shorewall/Hosts.pm @@ -57,7 +57,7 @@ sub validate_hosts_file() while ( read_a_line ) { - my ($zone, $hosts, $options ) = split_line 3, 'hosts file'; + my ($zone, $hosts, $options ) = split_line 2, 3, 'hosts file'; if ( $first_entry ) { progress_message2 "$doing $fn..."; diff --git a/New/Shorewall/Interfaces.pm b/New/Shorewall/Interfaces.pm index 0713a0c8b..a70ad39df 100644 --- a/New/Shorewall/Interfaces.pm +++ b/New/Shorewall/Interfaces.pm 
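Review bot: The new `too few columns` test in split_line only counts whitespace-separated tokens, so a line that writes `-` in a required column still passes. The `return @line if $no_pad{$line[0]};` path also skips both the minimum and maximum checks and the padding. Callers therefore cannot treat a successful return as proof that the mandatory columns hold real values. In a firewall compiler an unchecked `-` is presumably a wildcard, so each caller should still reject `-` where a value is mandatory. The header comment above the sub still describes the old single-count behaviour; I would replace it with `# Split the current line into columns; die unless the count is between $mincolumns and $maxcolumns, then pad omitted trailing columns with '-'. Lines whose first token is in %no_pad are returned unchecked and unpadded.`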
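Review bot: The corrected message in get_configuration always names `ipsec`, but the guard `unless $config{IPSECFILE} eq 'zones'` fires for any other value. A mistyped setting is then reported as if the user had chosen `ipsec`. Reporting the configured value makes the error actionable: `fatal_error "IPSECFILE=$config{IPSECFILE} is not supported by Shorewall-perl $globals{VERSION}" unless $config{IPSECFILE} eq 'zones';`. The `default 'IPSECFILE' , 'ipsec';` line just above also means an unset option always hits this error, which may be intended but deserves a comment.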
@@ -139,7 +139,7 @@ sub validate_interfaces_file() while ( read_a_line ) { - my ($zone, $interface, $networks, $options ) = split_line 4, 'interfaces file'; + my ($zone, $interface, $networks, $options ) = split_line 2, 4, 'interfaces file'; my $zoneref; if ( $first_entry ) { diff --git a/New/Shorewall/Nat.pm b/New/Shorewall/Nat.pm index ff462eb55..d1adadc83 100644 --- a/New/Shorewall/Nat.pm +++ b/New/Shorewall/Nat.pm @@ -244,7 +244,7 @@ sub setup_masq() while ( read_a_line ) { - my ($fullinterface, $networks, $addresses, $proto, $ports, $ipsec) = split_line 6, 'masq file'; + my ($fullinterface, $networks, $addresses, $proto, $ports, $ipsec) = split_line 2, 6, 'masq file'; if ( $first_entry ) { progress_message2 "$doing $fn..."; @@ -358,7 +358,7 @@ sub setup_nat() { while ( read_a_line ) { - my ( $external, $interface, $internal, $allints, $localnat ) = split_line 5, 'nat file'; + my ( $external, $interface, $internal, $allints, $localnat ) = split_line 3, 5, 'nat file'; if ( $first_entry ) { progress_message2 "$doing $fn..."; @@ -393,7 +393,7 @@ sub setup_netmap() { while ( read_a_line ) { - my ( $type, $net1, $interface, $net2 ) = split_line 4, 'netmap file'; + my ( $type, $net1, $interface, $net2 ) = split_line 4, 4, 'netmap file'; if ( $first_entry ) { progress_message2 "$doing $fn..."; diff --git a/New/Shorewall/Policy.pm b/New/Shorewall/Policy.pm index d4c41e697..d0ad890e6 100644 --- a/New/Shorewall/Policy.pm +++ b/New/Shorewall/Policy.pm @@ -134,7 +134,7 @@ sub validate_policy() while ( read_a_line ) { - my ( $client, $server, $policy, $loglevel, $synparams ) = split_line 5, 'policy file'; + my ( $client, $server, $policy, $loglevel, $synparams ) = split_line 3, 5, 'policy file'; if ( $first_entry ) { progress_message2 "$doing $fn..."; diff --git a/New/Shorewall/Providers.pm b/New/Shorewall/Providers.pm index 514d3834f..5305178bf 100644 --- a/New/Shorewall/Providers.pm +++ b/New/Shorewall/Providers.pm 
@@ -163,9 +163,6 @@ sub setup_providers() { emit "qt ip route flush table $number"; emit "echo \"qt ip route flush table $number\" >> \${VARDIR}/undo_routing"; - $duplicate = '-' unless $duplicate; - $copy = '-' unless $copy; - if ( $duplicate ne '-' ) { if ( $copy ne '-' ) { if ( $copy eq 'none' ) { @@ -312,9 +309,6 @@ sub setup_providers() { fatal_error "Unknown provider ($provider)" unless $found; } - $source = '-' unless $source; - $dest = '-' unless $dest; - fatal_error "You must specify either the source or destination in a route_rules entry" if $source eq '-' && $dest eq '-'; $dest = $dest eq '-' ? '' : "to $dest"; @@ -376,7 +370,7 @@ sub setup_providers() { emit 'DEFAULT_ROUTE='; } - my ( $table, $number, $mark, $duplicate, $interface, $gateway, $options, $copy ) = split_line 8, 'providers file'; + my ( $table, $number, $mark, $duplicate, $interface, $gateway, $options, $copy ) = split_line 6, 8, 'providers file'; add_a_provider( $table, $number, $mark, $duplicate, $interface, $gateway, $options, $copy ); @@ -441,7 +435,7 @@ sub setup_providers() { $first_entry = 0; } - my ( $source, $dest, $provider, $priority ) = split_line 4, 'route_rules file'; + my ( $source, $dest, $provider, $priority ) = split_line 4, 4, 'route_rules file'; add_an_rtrule( $source, $dest, $provider , $priority ); } diff --git a/New/Shorewall/Proxyarp.pm b/New/Shorewall/Proxyarp.pm index d01027a0b..6f7007ab2 100644 --- a/New/Shorewall/Proxyarp.pm +++ b/New/Shorewall/Proxyarp.pm @@ -93,7 +93,7 @@ sub setup_proxy_arp() { while ( read_a_line ) { - my ( $address, $interface, $external, $haveroute, $persistent ) = split_line 5, 'proxyarp file'; + my ( $address, $interface, $external, $haveroute, $persistent ) = split_line 3, 5, 'proxyarp file'; if ( $first_entry ) { progress_message2 "$doing $fn..."; diff --git a/New/Shorewall/Rules.pm b/New/Shorewall/Rules.pm index 54a9a9504..9c51296a5 100644 --- a/New/Shorewall/Rules.pm +++ b/New/Shorewall/Rules.pm 
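Review bot: Removing `$duplicate = '-' unless $duplicate;` and `$copy = '-' unless $copy;` in the `@@ -163` hunk makes the code depend on split_line always padding its result. The same holds for the `$source`/`$dest` defaults removed in the `@@ -312` hunk. split_line in Config.pm, as changed by this commit, returns the raw list without padding when the first token is in `%no_pad`. On that path these variables would be undef, `$duplicate ne '-'` would be true with a warning, and the undef would flow into the emitted routing commands. Whether such lines can reach these two subs is not visible in the hunks, so I would keep a cheap guard such as `$duplicate = '-' unless defined $duplicate;`, or handle the `%no_pad` case before calling them. The same concern applies to `$hosts = ALLIPv4 unless $hosts ne '-';` in the process_criticalhosts hunk of Rules.pm.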
@@ -71,7 +71,7 @@ sub process_tos() { while ( read_a_line ) { - my ($src, $dst, $proto, $sports, $ports , $tos ) = split_line 6, 'tos file'; + my ($src, $dst, $proto, $sports, $ports , $tos ) = split_line 6, 6, 'tos file'; if ( $first_entry ) { progress_message2 "$doing $fn..."; @@ -133,7 +133,7 @@ sub setup_ecn() while ( read_a_line ) { - my ($interface, $hosts ) = split_line 2, 'ecn file'; + my ($interface, $hosts ) = split_line 1, 2, 'ecn file'; if ( $first_entry ) { progress_message2 "$doing $fn..."; @@ -200,7 +200,7 @@ sub setup_rfc1918_filteration( $ ) { while ( read_a_line ) { - my ( $networks, $target ) = split_line 2, 'rfc1918 file'; + my ( $networks, $target ) = split_line 2, 2, 'rfc1918 file'; my $s_target; @@ -282,7 +282,7 @@ sub setup_blacklist() { while ( read_a_line ) { - my ( $networks, $protocol, $ports ) = split_line 3, 'blacklist file'; + my ( $networks, $protocol, $ports ) = split_line 1, 3, 'blacklist file'; if ( $first_entry ) { unless ( @$hosts ) { @@ -341,14 +341,14 @@ sub process_criticalhosts() { my $routeback = 0; - my ($interface, $hosts, $options ) = split_line 3, 'routestopped file'; + my ($interface, $hosts, $options ) = split_line 1, 3, 'routestopped file'; if ( $first_entry ) { progress_message2 "$doing $fn for critical hosts..."; $first_entry = 0; } - $hosts = ALLIPv4 unless $hosts && $hosts ne '-'; + $hosts = ALLIPv4 unless $hosts ne '-'; my @hosts; @@ -384,7 +384,7 @@ sub process_routestopped() { my $routeback = 0; - my ($interface, $hosts, $options ) = split_line 3, 'routestopped file'; + my ($interface, $hosts, $options ) = split_line 1, 3, 'routestopped file'; if ( $first_entry ) { progress_message2 "$doing $fn..."; @@ -673,7 +673,7 @@ sub setup_mac_lists( $ ) { while ( read_a_line ) { - my ( $disposition, $interface, $mac, $addresses ) = split_line 4, 'maclist file'; + my ( $disposition, $interface, $mac, $addresses ) = split_line 3, 4, 'maclist file'; if ( $first_entry ) { progress_message2 "$doing $fn..."; 
@@ -785,7 +785,7 @@ sub process_macro ( $$$$$$$$$$$ ) { while ( read_a_line ) { - my ( $mtarget, $msource, $mdest, $mproto, $mports, $msports, $mrate, $muser ) = split_line 8, 'macro file'; + my ( $mtarget, $msource, $mdest, $mproto, $mports, $msports, $mrate, $muser ) = split_line 1, 8, 'macro file'; $mtarget = merge_levels $target, $mtarget; @@ -1212,7 +1212,7 @@ sub process_rules() { while ( read_a_line ) { - my ( $target, $source, $dest, $proto, $ports, $sports, $origdest, $ratelimit, $user ) = split_line 9, 'rules file'; + my ( $target, $source, $dest, $proto, $ports, $sports, $origdest, $ratelimit, $user ) = split_line 3, 9, 'rules file'; if ( $first_entry ) { progress_message2 "$doing $fn..."; diff --git a/New/Shorewall/Tc.pm b/New/Shorewall/Tc.pm index 4a997ad37..3b8bf405d 100644 --- a/New/Shorewall/Tc.pm +++ b/New/Shorewall/Tc.pm @@ -320,7 +320,7 @@ sub validate_tc_class( $$$$$$ ) { $tcref->{tos} = []; $tcref->{rate} = convert_rate $full, $rate; $tcref->{ceiling} = convert_rate $full, $ceil; - $tcref->{priority} = defined $prio ? $prio : 1; + $tcref->{priority} = $prio eq '-' ? 1 : $prio; unless ( $options eq '-' ) { for my $option ( split /,/, "\L$options" ) { @@ -358,7 +358,7 @@ sub setup_traffic_shaping() { while ( read_a_line ) { - my ( $device, $inband, $outband ) = split_line 3, 'tcdevices'; + my ( $device, $inband, $outband ) = split_line 3, 3, 'tcdevices'; if ( $first_entry ) { progress_message2 "$doing $fn..."; @@ -382,7 +382,7 @@ sub setup_traffic_shaping() { $first_entry = 0; } - my ( $device, $mark, $rate, $ceil, $prio, $options ) = split_line 6, 'tcclasses file'; + my ( $device, $mark, $rate, $ceil, $prio, $options ) = split_line 4, 6, 'tcclasses file'; validate_tc_class( $device, $mark, $rate, $ceil, $prio, $options ); } 
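Review bot: In the Tc.pm `@@ -320` hunk, `$tcref->{priority} = $prio eq '-' ? 1 : $prio;` stores whatever text the tcclasses column holds. The old `defined` test never fired on padded input, so fixing the default is right, but the value is still not checked to be a number. The priority is presumably later written into generated tc commands, so a malformed entry would surface as a broken or unexpected command at firewall start rather than as a compile-time error. I would add `fatal_error "Invalid priority ($prio)" unless $prio eq '-' || $prio =~ /^\d+$/;` before the assignment. validate_tc_class starts and ends outside the hunk, so an existing check elsewhere in the sub cannot be ruled out.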
@@ -509,7 +509,7 @@ sub setup_tc() { while ( read_a_line ) { - my ( $mark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos ) = split_line 10, 'tcrules file'; + my ( $mark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos ) = split_line 2, 10, 'tcrules file'; if ( $first_entry ) { progress_message2 "$doing $fn..."; diff --git a/New/Shorewall/Tunnels.pm b/New/Shorewall/Tunnels.pm index df1f9913f..d0f648d50 100644 --- a/New/Shorewall/Tunnels.pm +++ b/New/Shorewall/Tunnels.pm @@ -237,7 +237,7 @@ sub setup_tunnels() { while ( read_a_line ) { - my ( $kind, $zone, $gateway, $gatewayzones ) = split_line 4, 'tunnels file'; + my ( $kind, $zone, $gateway, $gatewayzones ) = split_line 2, 4, 'tunnels file'; if ( $first_entry ) { progress_message2 "$doing $fn..."; diff --git a/New/Shorewall/Zones.pm b/New/Shorewall/Zones.pm index 1c9f922f3..32c694cff 100644 --- a/New/Shorewall/Zones.pm +++ b/New/Shorewall/Zones.pm @@ -188,7 +188,7 @@ sub determine_zones() my @parents; - my ($zone, $type, $options, $in_options, $out_options ) = split_line 5, 'zones file'; + my ($zone, $type, $options, $in_options, $out_options ) = split_line 1, 5, 'zones file'; if ( $first_entry ) { progress_message2 "$doing $fn...";