From 77c46f9f98fa96b601ca66410a465150245fba50 Mon Sep 17 00:00:00 2001
From: teastep
Date: Mon, 28 Jun 2004 17:53:31 +0000
Subject: [PATCH] Fix bogus code in process_tc_rule
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1413 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall2/changelog.txt | 4 ++++
 Shorewall2/firewall | 6 +-----
 Shorewall2/releasenotes.txt | 8 ++++++++
 3 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/Shorewall2/changelog.txt b/Shorewall2/changelog.txt
index 5f15550f2..b4e536899 100644
--- a/Shorewall2/changelog.txt
+++ b/Shorewall2/changelog.txt
@@ -34,3 +34,7 @@ Changes since 2.0.2
 comments in the rules file WRT "all" in SOURCE or DEST.
 16) Pass INVALID icmp packets through the blacklisting chains.
+
+17) Fix bogus code in procerss_tc_rule()
+
+18) Fix security vulnerability involving temporary files/directories.
diff --git a/Shorewall2/firewall b/Shorewall2/firewall
index a1fc87edf..746ae7d6c 100755
--- a/Shorewall2/firewall
+++ b/Shorewall2/firewall
@@ -2050,11 +2050,7 @@ process_tc_rule()
 esac
 fi
- if [ "x$dest" != "x-" ]; then
- verify_interface $dest || fatal_error "Unknown interface $dest in rule \"$rule\""
- r="${r}$(match_dest_dev $dest) "
- fi
-
+ [ "x$dest" = "x-" ] || r="${r}-d $dest "
 [ "$proto" = "all" ] || r="${r}-p $proto "
 [ "x$port" = "x-" ] || r="${r}--dport $port "
 [ "x$sport" = "x-" ] || r="${r}--sport $sport "
diff --git a/Shorewall2/releasenotes.txt b/Shorewall2/releasenotes.txt
index 71755621f..e987cbd4b 100755
--- a/Shorewall2/releasenotes.txt
+++ b/Shorewall2/releasenotes.txt
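Review bot: Nothing validates the DEST column any more in the Shorewall2/firewall hunk: the new line `[ "x$dest" = "x-" ] || r="${r}-d $dest "` appends whatever tcrules contains, where the removed block at least aborted with `fatal_error` and named the offending rule. A typo or a host name in that column would now surface only when `$r` is handed to iptables (that call is outside the hunk), and iptables resolves a non-numeric `-d` argument through DNS while the firewall is starting. A shape check before the append would keep the early, rule-specific error, for example `case "$dest" in *[!0-9./]*) fatal_error "Invalid DEST $dest in rule \"$rule\"" ;; esac`, widened to whatever address forms tcrules is meant to accept. process_tc_rule() begins and ends outside the hunk.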
@@ -44,6 +44,14 @@ Problems Corrected since 2.0.2 not possible to blacklist hosts that are mounting certain types of ICMP-based DOS attacks. +Problems Corrected since 2.0.3 + +1) A non-empty DEST entry in /etc/shorewall/tcrules will generate an + error and Shorewall fails to start. + +2) A potential security vulnerablilty in the way that Shorewall + handles temporary files and directories has been corrected. + ----------------------------------------------------------------------- Issues when migrating from Shorewall 2.0.2 to Shorewall 2.0.3: