holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Don't allow long port lists or icmp lists in netmap

Browse Source
This commit is contained in:
Tom Eastep 2011-09-19 13:27:27 -07:00
parent 990d6e504d
commit a5e05c9e8e
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -3112,6 +3112,7 @@ sub do_proto( $$$;$ )
if ( $ports =~ /,/ ) {
fatal_error "An inverted ICMP list may only contain a single type" if $invert;
fatal_error "An ICMP type list is not allowed in this context" if $restricted;
$types = '';
for my $type ( split_list( $ports, 'ICMP type list' ) ) {
$types = $types ? join( ',', $types, validate_icmp( $type ) ) : $type;
@ -3136,6 +3137,7 @@ sub do_proto( $$$;$ )
if ( $ports =~ /,/ ) {
fatal_error "An inverted ICMP list may only contain a single type" if $invert;
fatal_error "An ICMP type list is not allowed in this context" if $restricted;
$types = '';
for my $type ( list_split( $ports, 'ICMP type list' ) ) {
$types = $types ? join( ',', $types, validate_icmp6( $type ) ) : $type;
@ -3300,6 +3302,7 @@ sub do_iproto( $$$ )
if ( $ports =~ /,/ ) {
fatal_error "An inverted ICMP list may only contain a single type" if $invert;
fatal_error "An ICMP type list is not allowed in this context" if $restricted;
$types = '';
for my $type ( split_list( $ports, 'ICMP type list' ) ) {
$types = $types ? join( ',', $types, validate_icmp( $type ) ) : $type;
@ -3324,8 +3327,9 @@ sub do_iproto( $$$ )
if ( $ports =~ /,/ ) {
fatal_error "An inverted ICMP list may only contain a single type" if $invert;
fatal_error "An ICMP type list is not allowed in this context" if $restricted;
$types = '';
for my $type ( list_split( $ports, 'ICMP type list' ) ) {
for my $type ( split_list( $ports, 'ICMP type list' ) ) {
$types = $types ? join( ',', $types, validate_icmp6( $type ) ) : $type;
}
} else {