Disallow double quotes in COMMENT lines

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6305 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall-perl/Shorewall/Actions.pm

@@ -426,12 +426,7 @@ sub process_action3( $$$$$ ) {
 	my ($target, $source, $dest, $proto, $ports, $sports, $rate, $user ) = split_line 1, 8, 'action file';
 
 	if ( $target eq 'COMMENT' ) {
-	    if ( $capabilities{COMMENTS} ) {
-		( $comment = $line ) =~ s/^\s*COMMENT\s*//;
-	    } else {
-		warning_message "COMMENT ignored -- requires comment support in iptables/Netfilter";
-	    }
-
+	    process_comment;
 	    next;
 	}
 

Shorewall-perl/Shorewall/Chains.pm

@@ -52,6 +52,7 @@ our @EXPORT = qw( STANDARD
 		  POSTROUTE_RESTRICT
 		  ALL_RESTRICT
 
+		  process_comment
 		  push_cmd_mode
 		  pop_cmd_mode
 		  add_command
@@ -257,6 +258,17 @@ my $chainseq;
 #    Chain reference , Command
 #
 
+#
+# Process a COMMENT line (in $line) 
+#
+sub process_comment() {
+    if ( $capabilities{COMMENTS} ) {
+	( $comment = $line ) =~ s/^\s*COMMENT\s*//;
+	fatal_error "COMMENT lines may not contain double quotes" if $comment =~ /"/;
+    } else {
+	warning_message "COMMENT ignored -- requires comment support in iptables/Netfilter";
+    }
+}
 #
 # Functions to manipulate cmdcount
 #

Shorewall-perl/Shorewall/Nat.pm

@@ -271,11 +271,7 @@ sub setup_masq()
 	}
 
 	if ( $fullinterface eq 'COMMENT' ) {
-	    if ( $capabilities{COMMENTS} ) {
-		( $comment = $line ) =~ s/^\s*COMMENT\s*//;
-	    } else {
-		warning_message "COMMENT ignored -- requires comment support in iptables/Netfilter";
-	    }
+	    process_comment;
 	} else {
 	    setup_one_masq $fullinterface, $networks, $addresses, $proto, $ports, $ipsec, $mark;
 	}
@@ -384,11 +380,7 @@ sub setup_nat() {
 	}
 
 	if ( $external eq 'COMMENT' ) {
-	    if ( $capabilities{COMMENTS} ) {
-		( $comment = $line ) =~ s/^\s*COMMENT\s*//;
-	    } else {
-		warning_message "COMMENT ignored -- requires comment support in iptables/Netfilter";
-	    }
+	    process_comment;
 	} else {
 	    do_one_nat $external, $interface, $internal, $allints, $localnat;
 	}

Shorewall-perl/Shorewall/Rules.pm

@@ -699,11 +699,7 @@ sub setup_mac_lists( $ ) {
 	    }
 
 	    if ( $disposition eq 'COMMENT' ) {
-		if ( $capabilities{COMMENTS} ) {
-		    ( $comment = $line ) =~ s/^\s*COMMENT\s*//;
-		} else {
-		    warning_message "COMMENT ignored -- requires comment support in iptables/Netfilter";
-		}
+		process_comment;
 	    } else {
 		( $disposition, my $level ) = split /:/, $disposition;
 
@@ -1264,11 +1260,7 @@ sub process_rules() {
 	}
 
 	if ( $target eq 'COMMENT' ) {
-	    if ( $capabilities{COMMENTS} ) {
-		( $comment = $line ) =~ s/^\s*COMMENT\s*//;
-	    } else {
-		warning_message "COMMENT ignored -- requires comment support in iptables/Netfilter";
-	    }
+	    process_comment;
 	} elsif ( $target eq 'SECTION' ) {
 	    fatal_error "Invalid SECTION $source" unless defined $sections{$source};
 	    fatal_error "Duplicate or out of order SECTION $source" if $sections{$source};

Shorewall-perl/Shorewall/Tc.pm

@@ -533,11 +533,7 @@ sub setup_tc() {
 	    }
 
 	    if ( $mark eq 'COMMENT' ) {
-		if ( $capabilities{COMMENTS} ) {
-		    ( $comment = $line ) =~ s/^\s*COMMENT\s*//;
-		} else {
-		    warning_message "COMMENT ignored -- requires comment support in iptables/Netfilter";
-		}
+		process_comment;
 	    } else {
 		process_tc_rule $mark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos
 	    }

Shorewall-perl/Shorewall/Tunnels.pm

@@ -263,11 +263,7 @@ sub setup_tunnels() {
 	}
 
 	if ( $kind eq 'COMMENT' ) {
-	    if ( $capabilities{COMMENTS} ) {
-		( $comment = $line ) =~ s/^\s*COMMENT\s*//;
-	    } else {
-		warning_message "COMMENT ignored -- requires comment support in iptables/Netfilter";
-	    }
+	    process_comment;
 	} else {
 	    setup_one_tunnel $kind, $zone, $gateway, $gatewayzones;
 	}