holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Raise an error if a protocol other than TCP is passed to a TCP-only inline

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2013-01-29 07:46:50 -08:00
parent 670931c987
commit f33e36b61e
1 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
Shorewall/Perl/Shorewall/Rules.pm
View File

@ -2443,9 +2443,13 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$$$$ ) {
fatal_error "Macro/Inline invocations nested too deeply" if ++$macro_nest_level > MAX_MACRO_NEST_LEVEL; fatal_error "Macro/Inline invocations nested too deeply" if ++$macro_nest_level > MAX_MACRO_NEST_LEVEL;
$current_param = $param unless $param eq '' || $param eq 'PARAM'; $current_param = $param unless $param eq '' || $param eq 'PARAM';
#
# Push the current column array onto the column stack
#
push @columnstack, [ ( @columns ) ]; push @columnstack, [ ( @columns ) ];
#
# And store the (modified) columns into the columns array for use by perl_action[_tcp]_helper
#
@columns = ( $source, $dest, $proto, $ports, $sports, $origdest, $ratelimit, $user, $mark, $connlimit, $time, $headers, $condition, $helper, $wildcard ); @columns = ( $source, $dest, $proto, $ports, $sports, $origdest, $ratelimit, $user, $mark, $connlimit, $time, $headers, $condition, $helper, $wildcard );
my $generated = process_inline( $basictarget, my $generated = process_inline( $basictarget,
@ -2704,6 +2708,10 @@ sub perl_action_tcp_helper($$) {
assert( $chainref ); assert( $chainref );
if ( $inlines{$action} ) { if ( $inlines{$action} ) {
my $passedproto = $columns[2];
fatal_error "Invalid PROTO ($passedproto) for the $action action" unless $passedproto eq '-' || $passedproto eq 'tcp' || $passedproto eq '6';
$result = &process_rule1( $chainref, $result = &process_rule1( $chainref,
$proto, $proto,
$target, $target,