Fix bugs in SECTION and COMMENT handling

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6317 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall-perl/Shorewall/Actions.pm

@@ -423,7 +423,7 @@ sub process_action3( $$$$$ ) {
 
     while ( read_a_line ) {
 
-	my ($target, $source, $dest, $proto, $ports, $sports, $rate, $user ) = split_line 1, 8, 'action file';
+	my ($target, $source, $dest, $proto, $ports, $sports, $rate, $user ) = split_line1 1, 8, 'action file';
 
 	if ( $target eq 'COMMENT' ) {
 	    process_comment;

Shorewall-perl/Shorewall/Chains.pm

@@ -657,6 +657,10 @@ sub finish_chain_section ($$) {
 sub finish_section ( $ ) {
     my $sections = $_[0];
 
+    for my $section ( split /,/, $sections ) {
+	$sections{$section} = 1;
+    }
+
     for my $zone ( @zones ) {
 	for my $zone1 ( @zones ) {
 	    my $chainref = $chain_table{'filter'}{"${zone}2${zone1}"};

Shorewall-perl/Shorewall/Config.pm

@@ -38,6 +38,8 @@ our @EXPORT = qw(
 		 fatal_error
 		 find_file
 		 split_line
+		 split_line1
+		 split_line2
 		 open_file
 		 close_file
 		 push_open
@@ -293,13 +295,6 @@ sub find_file($)
     "$globals{CONFDIR}/$filename";
 }
 
-#
-# When splitting a line, don't pad out the columns with '-' if the first column contains one of these
-#
-
-my %no_pad = ( COMMENT => 1,
-	       SECTION => 1 );
-
 #
 # Pre-process a line from a configuration file.
 
@@ -309,11 +304,58 @@ my %no_pad = ( COMMENT => 1,
 sub split_line( $$$ ) {
     my ( $mincolumns, $maxcolumns, $description ) = @_;
 
+    fatal_error "Shorewall Configuration file entries may not contain single quotes, double quotes, single back quotes or backslashes" if $line =~ /["'`\\]/;
+
+    my @line = split /\s+/, $line;
+
+    fatal_error "Invalid $description entry (too few columns)"  if @line < $mincolumns;
+    fatal_error "Invalid $description entry (too many columns)" if @line > $maxcolumns;
+
+    push @line, '-' while @line < $maxcolumns;
+
+    @line;
+}
+
+sub split_line1( $$$ ) {
+    my ( $mincolumns, $maxcolumns, $description ) = @_;
+
     fatal_error "Shorewall Configuration file entries may not contain double quotes, single back quotes or backslashes" if $line =~ /["`\\]/;
 
     my @line = split /\s+/, $line;
 
-    return @line if $no_pad{$line[0]};
+    return @line if $line[0] eq 'COMMENT';
+
+    fatal_error "Shorewall Configuration file entries may not contain single quotes" if $line =~ /'/;
+
+    fatal_error "Invalid $description entry (too few columns)"  if @line < $mincolumns;
+    fatal_error "Invalid $description entry (too many columns)" if @line > $maxcolumns;
+
+    push @line, '-' while @line < $maxcolumns;
+
+    @line;
+}
+
+#
+# When splitting a line in the rules file, don't pad out the columns with '-' if the first column contains one of these
+#
+
+my %no_pad = ( COMMENT => 0,
+	       SECTION => 2 );
+
+sub split_line2( $$$ ) {
+    my ( $mincolumns, $maxcolumns, $description ) = @_;
+
+    fatal_error "Shorewall Configuration file entries may not contain double quotes, single back quotes or backslashes" if $line =~ /["`\\]/;
+
+    my @line = split /\s+/, $line;
+
+    my $first   = $line[0];
+    my $columns = $no_pad{$first};
+
+    if ( defined $columns ) {
+	fatal_error "Invalid $first entry" if $columns && @line != $columns;
+	return @line 
+    }
 
     fatal_error "Shorewall Configuration file entries may not contain single quotes" if $line =~ /'/;
 

Shorewall-perl/Shorewall/Nat.pm

@@ -268,7 +268,7 @@ sub setup_masq()
 	    $first_entry = 0;
 	}
 
-	my ($fullinterface, $networks, $addresses, $proto, $ports, $ipsec, $mark ) = split_line 2, 7, 'masq file';
+	my ($fullinterface, $networks, $addresses, $proto, $ports, $ipsec, $mark ) = split_line1 2, 7, 'masq file';
 
 	if ( $fullinterface eq 'COMMENT' ) {
 	    process_comment;
@@ -377,7 +377,7 @@ sub setup_nat() {
 	    $first_entry = 0;
 	}
 
-	my ( $external, $interface, $internal, $allints, $localnat ) = split_line 3, 5, 'nat file';
+	my ( $external, $interface, $internal, $allints, $localnat ) = split_line1 3, 5, 'nat file';
 
 	if ( $external eq 'COMMENT' ) {
 	    process_comment;

Shorewall-perl/Shorewall/Rules.pm

@@ -696,7 +696,7 @@ sub setup_mac_lists( $ ) {
 		$first_entry = 0;
 	    }
 
-	    my ( $disposition, $interface, $mac, $addresses  ) = split_line 3, 4, 'maclist file';
+	    my ( $disposition, $interface, $mac, $addresses  ) = split_line1 3, 4, 'maclist file';
 
 	    if ( $disposition eq 'COMMENT' ) {
 		process_comment;
@@ -1257,7 +1257,7 @@ sub process_rules() {
 	    $first_entry = 0;
 	}
 
-	my ( $target, $source, $dest, $proto, $ports, $sports, $origdest, $ratelimit, $user, $mark ) = split_line 1, 10, 'rules file';
+	my ( $target, $source, $dest, $proto, $ports, $sports, $origdest, $ratelimit, $user, $mark ) = split_line2 1, 10, 'rules file';
 
 	if ( $target eq 'COMMENT' ) {
 	    process_comment;

Shorewall-perl/Shorewall/Tc.pm

@@ -530,7 +530,7 @@ sub setup_tc() {
 		$first_entry = 0;
 	    }
 
-	    my ( $mark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos ) = split_line 2, 10, 'tcrules file';
+	    my ( $mark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos ) = split_line1 2, 10, 'tcrules file';
 
 	    if ( $mark eq 'COMMENT' ) {
 		process_comment;

Shorewall-perl/Shorewall/Tunnels.pm

@@ -260,7 +260,7 @@ sub setup_tunnels() {
 	    $first_entry = 0;
 	}
 
-	my ( $kind, $zone, $gateway, $gatewayzones ) = split_line 2, 4, 'tunnels file';
+	my ( $kind, $zone, $gateway, $gatewayzones ) = split_line1 2, 4, 'tunnels file';
 
 	if ( $kind eq 'COMMENT' ) {
 	    process_comment;