forked from extern/shorewall_code
Make NFQUEUE parsing more robust
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
0a45c7a646
commit
9a3c43b6d3
@ -474,16 +474,15 @@ sub process_default_action( $$$$ ) {
|
|||||||
#
|
#
|
||||||
sub handle_nfqueue( $$ ) {
|
sub handle_nfqueue( $$ ) {
|
||||||
my ($params, $allow_bypass ) = @_;
|
my ($params, $allow_bypass ) = @_;
|
||||||
my $action;
|
my ( $action, $bypass );
|
||||||
my ( $queue1, $queue2, $queuenum1, $queuenum2 );
|
my ( $queue1, $queue2, $queuenum1, $queuenum2 );
|
||||||
|
|
||||||
require_capability( 'NFQUEUE_TARGET', 'NFQUEUE Rules and Policies', '' );
|
require_capability( 'NFQUEUE_TARGET', 'NFQUEUE Rules and Policies', '' );
|
||||||
|
|
||||||
$params = '' unless defined $params;
|
if ( supplied( $params ) ) {
|
||||||
|
( my $queue, $bypass, my $junk ) = split ',', $params, 3;
|
||||||
|
|
||||||
my ( $queue, $bypass, $junk ) = split ',', $params, 3;
|
fatal_error "Invalid NFQUEUE parameter list ($params)" if defined $junk;
|
||||||
|
|
||||||
fatal_error "Invalid NFQUEUE parameter list" if defined $junk;
|
|
||||||
|
|
||||||
if ( supplied $queue ) {
|
if ( supplied $queue ) {
|
||||||
if ( $queue eq 'bypass' ) {
|
if ( $queue eq 'bypass' ) {
|
||||||
@ -492,7 +491,9 @@ sub handle_nfqueue( $$ ) {
|
|||||||
return 'NFQUEUE --queue-bypass';
|
return 'NFQUEUE --queue-bypass';
|
||||||
}
|
}
|
||||||
|
|
||||||
( $queue1, $queue2 ) = split ':', $queue;
|
( $queue1, $queue2 ) = split ':', $queue, 2;
|
||||||
|
|
||||||
|
fatal_error "Invalid NFQUEUE parameter list ($params)" unless supplied $queue1;
|
||||||
|
|
||||||
$queuenum1 = numeric_value( $queue1 );
|
$queuenum1 = numeric_value( $queue1 );
|
||||||
|
|
||||||
@ -506,6 +507,9 @@ sub handle_nfqueue( $$ ) {
|
|||||||
} else {
|
} else {
|
||||||
$queuenum1 = 0;
|
$queuenum1 = 0;
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
$queuenum1 = 0;
|
||||||
|
}
|
||||||
|
|
||||||
if ( supplied $bypass ) {
|
if ( supplied $bypass ) {
|
||||||
fatal_error "Invalid NFQUEUE option ($bypass)" if $bypass ne 'bypass';
|
fatal_error "Invalid NFQUEUE option ($bypass)" if $bypass ne 'bypass';
|
||||||
|
Loading…
x
Reference in New Issue
Block a user