Disallow double quotes in COMMENT lines

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6305 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2007-05-09 18:22:40 +00:00
parent 9fe1d8e260
commit ba6a5eeb39
6 changed files with 19 additions and 36 deletions


@ -426,12 +426,7 @@ sub process_action3( $$$$$ ) {
my ($target, $source, $dest, $proto, $ports, $sports, $rate, $user ) = split_line 1, 8, 'action file'; my ($target, $source, $dest, $proto, $ports, $sports, $rate, $user ) = split_line 1, 8, 'action file';
if ( $target eq 'COMMENT' ) { if ( $target eq 'COMMENT' ) {
if ( $capabilities{COMMENTS} ) { process_comment;
( $comment = $line ) =~ s/^\s*COMMENT\s*//;
} else {
warning_message "COMMENT ignored -- requires comment support in iptables/Netfilter";
}
next; next;
} }


@ -52,6 +52,7 @@ our @EXPORT = qw( STANDARD
POSTROUTE_RESTRICT POSTROUTE_RESTRICT
ALL_RESTRICT ALL_RESTRICT
process_comment
push_cmd_mode push_cmd_mode
pop_cmd_mode pop_cmd_mode
add_command add_command
@ -257,6 +258,17 @@ my $chainseq;
# Chain reference , Command # Chain reference , Command
# #
#
# Process a COMMENT line (in $line)
#
sub process_comment() {
if ( $capabilities{COMMENTS} ) {
( $comment = $line ) =~ s/^\s*COMMENT\s*//;
fatal_error "COMMENT lines may not contain double quotes" if $comment =~ /"/;
} else {
warning_message "COMMENT ignored -- requires comment support in iptables/Netfilter";
}
}
# #
# Functions to manipulate cmdcount # Functions to manipulate cmdcount
# #
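Review bot: The new check in `process_comment` rejects only `"`, which is enough only if `$comment` is never re-read by a shell; how it is emitted is not visible in this diff. If the text ends up inside a double-quoted argument in the generated script, a backquote, `$` or backslash would still be interpreted there, so the test should cover them too: `fatal_error "COMMENT lines may not contain double quotes, backquotes, dollar signs or backslashes" if $comment =~ /["\x60\$\\]/;`. An allow-list of permitted characters would be stricter still and easier to reason about. Because all seven call sites now go through this one sub, tightening it here covers every file that accepts COMMENT lines.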


@ -271,11 +271,7 @@ sub setup_masq()
} }
if ( $fullinterface eq 'COMMENT' ) { if ( $fullinterface eq 'COMMENT' ) {
if ( $capabilities{COMMENTS} ) { process_comment;
( $comment = $line ) =~ s/^\s*COMMENT\s*//;
} else {
warning_message "COMMENT ignored -- requires comment support in iptables/Netfilter";
}
} else { } else {
setup_one_masq $fullinterface, $networks, $addresses, $proto, $ports, $ipsec, $mark; setup_one_masq $fullinterface, $networks, $addresses, $proto, $ports, $ipsec, $mark;
} }
@ -384,11 +380,7 @@ sub setup_nat() {
} }
if ( $external eq 'COMMENT' ) { if ( $external eq 'COMMENT' ) {
if ( $capabilities{COMMENTS} ) { process_comment;
( $comment = $line ) =~ s/^\s*COMMENT\s*//;
} else {
warning_message "COMMENT ignored -- requires comment support in iptables/Netfilter";
}
} else { } else {
do_one_nat $external, $interface, $internal, $allints, $localnat; do_one_nat $external, $interface, $internal, $allints, $localnat;
} }


@ -699,11 +699,7 @@ sub setup_mac_lists( $ ) {
} }
if ( $disposition eq 'COMMENT' ) { if ( $disposition eq 'COMMENT' ) {
if ( $capabilities{COMMENTS} ) { process_comment;
( $comment = $line ) =~ s/^\s*COMMENT\s*//;
} else {
warning_message "COMMENT ignored -- requires comment support in iptables/Netfilter";
}
} else { } else {
( $disposition, my $level ) = split /:/, $disposition; ( $disposition, my $level ) = split /:/, $disposition;
@ -1264,11 +1260,7 @@ sub process_rules() {
} }
if ( $target eq 'COMMENT' ) { if ( $target eq 'COMMENT' ) {
if ( $capabilities{COMMENTS} ) { process_comment;
( $comment = $line ) =~ s/^\s*COMMENT\s*//;
} else {
warning_message "COMMENT ignored -- requires comment support in iptables/Netfilter";
}
} elsif ( $target eq 'SECTION' ) { } elsif ( $target eq 'SECTION' ) {
fatal_error "Invalid SECTION $source" unless defined $sections{$source}; fatal_error "Invalid SECTION $source" unless defined $sections{$source};
fatal_error "Duplicate or out of order SECTION $source" if $sections{$source}; fatal_error "Duplicate or out of order SECTION $source" if $sections{$source};


@ -533,11 +533,7 @@ sub setup_tc() {
} }
if ( $mark eq 'COMMENT' ) { if ( $mark eq 'COMMENT' ) {
if ( $capabilities{COMMENTS} ) { process_comment;
( $comment = $line ) =~ s/^\s*COMMENT\s*//;
} else {
warning_message "COMMENT ignored -- requires comment support in iptables/Netfilter";
}
} else { } else {
process_tc_rule $mark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos process_tc_rule $mark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos
} }


@ -263,11 +263,7 @@ sub setup_tunnels() {
} }
if ( $kind eq 'COMMENT' ) { if ( $kind eq 'COMMENT' ) {
if ( $capabilities{COMMENTS} ) { process_comment;
( $comment = $line ) =~ s/^\s*COMMENT\s*//;
} else {
warning_message "COMMENT ignored -- requires comment support in iptables/Netfilter";
}
} else { } else {
setup_one_tunnel $kind, $zone, $gateway, $gatewayzones; setup_one_tunnel $kind, $zone, $gateway, $gatewayzones;
} }