From ab5a11e91b30f08bffa005f373450181d8f994c9 Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Fri, 15 Feb 2013 14:26:08 -0800
Subject: [PATCH] Correct IPv6 address checking (again)
Signed-off-by: Tom Eastep
---
 Shorewall/Perl/Shorewall/Chains.pm | 8 ++++----
 Shorewall/Perl/Shorewall/IPAddrs.pm | 16 +++++++++++++---
 2 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index f0f311387..b02cd4f62 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -6331,7 +6331,7 @@ sub isolate_source_interface( $ ) {
 } else {
 $source =~ tr/<>/[]/;
- if ( $source =~ /^(.+?):(\[(?:.+)\],\[(?:.+)\])$/ ) {
+ if ( $source =~ /^(.+?):(\[(?:.+),\[(?:.+)\])$/ ) {
 $iiface = $1;
 $inets = $2;
 } elsif ( $source =~ /^(.+?):\[(.+)\]\s*$/ ||
@@ -6342,7 +6342,7 @@ sub isolate_source_interface( $ ) {
 $iiface = $1;
 $inets = $2;
 } elsif ( $source =~ /:/ ) {
- if ( $source =~ /^\[(?:.+)\],\[(?:.+)\]$/ ){
+ if ( $source =~ /^\[(?:.+),\[(?:.+)\]$/ ){
 $inets = $source;
 } elsif ( $source =~ /^\[(.+)\]$/ ) {
 $inets = $1;
@@ -6449,7 +6449,7 @@ sub isolate_dest_interface( $$$$ ) {
 } else {
 $dest =~ tr/<>/[]/;
- if ( $dest =~ /^(.+?):(\[(?:.+)\],\[(?:.+)\])$/ ) {
+ if ( $dest =~ /^(.+?):(\[(?:.+),\[(?:.+)\])$/ ) {
 $diface = $1;
 $dnets = $2;
 } elsif ( $dest =~ /^(.+?):\[(.+)\]\s*$/ ||
@@ -6460,7 +6460,7 @@ sub isolate_dest_interface( $$$$ ) {
 $diface = $1;
 $dnets = $2;
 } elsif ( $dest =~ /:/ ) {
- if ( $dest =~ /^\[(?:.+)\],\[(?:.+)\]$/ ){
+ if ( $dest =~ /^\[(?:.+),\[(?:.+)\]$/ ){
 $dnets = $dest;
 } elsif ( $dest =~ /^\[(.+)\]$/ ) {
 $dnets = $1;
diff --git a/Shorewall/Perl/Shorewall/IPAddrs.pm b/Shorewall/Perl/Shorewall/IPAddrs.pm
index 8a0d0721b..b98b2f182 100644
--- a/Shorewall/Perl/Shorewall/IPAddrs.pm
+++ b/Shorewall/Perl/Shorewall/IPAddrs.pm
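Review bot: The relaxed list pattern `\[(?:.+),\[(?:.+)\]` in isolate_source_interface no longer requires the first element's bracket to be closed, so a malformed value such as `eth0:[2001:db8::1,[2001:db8::2]` is now classified as a bracketed address list, and rejecting it depends entirely on per-element validation that runs outside these hunks. The same pattern is repeated in the interface-less branch of this function and in both branches of isolate_dest_interface. If the intent is to admit a VLSM after the first element's bracket, spelling that out keeps the classifier strict, for example `\[[^\]]+\](?:\/\d+)?,\[.+\]`, and holding the pattern once in a shared `qr//` would stop the four copies from drifting apart. Both functions begin and end outside the hunks, so the remaining alternatives of each `elsif` chain could not be checked.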
@@ -646,8 +646,19 @@ sub resolve_6dnsname( $ ) {
 }
 sub validate_6net( $$ ) {
- my ($net, $vlsm, $rest) = split( '/', $_[0], 3 );
- my $allow_name = $_[0];
+ my ( $net, $allow_name ) = @_;
+
+ if ( $net =~ /^\[(.+)]$/ ) {
+ $net = $1;
+ } elsif ( $net =~ /^\[(.+)\]\/(\d+)$/ ) {
+ $net = join( '/', $1, $2 );
+ }
+
+ fatal_error "Invalid Network Address($net)" if $net =~ /\[/;
+
+ ($net, my $vlsm, my $rest) = split( '/', $net, 3 );
+
+ fatal_error 'Invalid Network Address(' . join( '/', $net, $vlsm, $rest ) if defined $rest;
 if ( $net =~ /\+(\[?)/ ) {
 if ( $1 ) {
@@ -661,7 +672,6 @@ sub validate_6net( $$ ) {
 fatal_error "Invalid Network address ($_[0])" unless supplied $net;
- $net = $1 if $net =~ /^\[(.*)\]$/;
 if ( defined $vlsm ) {
 fatal_error "Invalid VLSM ($vlsm)" unless $vlsm =~ /^\d+$/ && $vlsm <= 128;
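Review bot: The new guard in validate_6net, `fatal_error "Invalid Network Address($net)" if $net =~ /\[/;`, rejects only a leftover opening bracket, so after the greedy `^\[(.+)]$` strip a constructed input such as `[2001:db8::1]/64]` becomes `2001:db8::1]/64` and passes with a stray `]` still in the address part; whether the later address validation catches it is outside the hunk. Testing both brackets closes that gap: `fatal_error "Invalid Network Address($net)" if $net =~ /[\[\]]/;`. The second new message is also missing its closing parenthesis; `fatal_error 'Invalid Network Address(' . join( '/', $net, $vlsm, $rest ) . ')' if defined $rest;` makes it match the first. With every remaining `[` now fatal, the `if ( $1 )` branch under `/\+(\[?)/` at the end of the hunk looks unreachable; its body is outside the hunk, so that is worth confirming.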