holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Make NFQUEUE parsing more robust

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2015-05-30 07:01:30 -07:00
parent 0a45c7a646
commit 9a3c43b6d3
1 changed files with 20 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
Shorewall/Perl/Shorewall/Rules.pm
View File

@ -474,16 +474,15 @@ sub process_default_action( $$$$ ) {
# #
sub handle_nfqueue( $$ ) { sub handle_nfqueue( $$ ) {
my ($params, $allow_bypass ) = @_; my ($params, $allow_bypass ) = @_;
my $action; my ( $action, $bypass );
my ( $queue1, $queue2, $queuenum1, $queuenum2 ); my ( $queue1, $queue2, $queuenum1, $queuenum2 );
require_capability( 'NFQUEUE_TARGET', 'NFQUEUE Rules and Policies', '' ); require_capability( 'NFQUEUE_TARGET', 'NFQUEUE Rules and Policies', '' );
$params = '' unless defined $params; if ( supplied( $params ) ) {
( my $queue, $bypass, my $junk ) = split ',', $params, 3;
my ( $queue, $bypass, $junk ) = split ',', $params, 3; fatal_error "Invalid NFQUEUE parameter list ($params)" if defined $junk;
fatal_error "Invalid NFQUEUE parameter list" if defined $junk;
if ( supplied $queue ) { if ( supplied $queue ) {
if ( $queue eq 'bypass' ) { if ( $queue eq 'bypass' ) {
@ -492,7 +491,9 @@ sub handle_nfqueue( $$ ) {
return 'NFQUEUE --queue-bypass'; return 'NFQUEUE --queue-bypass';
} }
( $queue1, $queue2 ) = split ':', $queue; ( $queue1, $queue2 ) = split ':', $queue, 2;
fatal_error "Invalid NFQUEUE parameter list ($params)" unless supplied $queue1;
$queuenum1 = numeric_value( $queue1 ); $queuenum1 = numeric_value( $queue1 );
@ -506,6 +507,9 @@ sub handle_nfqueue( $$ ) {
} else { } else {
$queuenum1 = 0; $queuenum1 = 0;
} }
} else {
$queuenum1 = 0;
}
if ( supplied $bypass ) { if ( supplied $bypass ) {
fatal_error "Invalid NFQUEUE option ($bypass)" if $bypass ne 'bypass'; fatal_error "Invalid NFQUEUE option ($bypass)" if $bypass ne 'bypass';