On 5/29/2015 4:33 PM, Steven Jan Springl wrote: > The following rules file entry: > > NFQUEUE(,bypass) lan fw icmp 8 > > produces the following messages: > > Use of uninitialized value $_[0] in lc > at /usr/share/shorewall/Shorewall/Config.pm line 1401, <$currentfile> > line 23. > > Use of uninitialized value $queue1 in concatenation (.) or > string at /usr/share/shorewall/Shorewall/Rules.pm line 494, > <$currentfile> line 23. Please see if you can break it with the attached patch :-)
Thanks Steven, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
diff --git a/Shorewall/Perl/Shorewall/Rules.pm
b/Shorewall/Perl/Shorewall/Rules.pm
index bf3c963..5176a1d 100644
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@@ -475,28 +475,36 @@ sub process_default_action( $$$$ ) {
sub handle_nfqueue( $$ ) {
my ($params, $allow_bypass ) = @_;
my $action;
+ my ( $queue1, $queue2, $queuenum1, $queuenum2 );
require_capability( 'NFQUEUE_TARGET', 'NFQUEUE Rules and Policies', '' );
- my ( $queue, $bypass ) = split ',', $params;
+ $params = '' unless defined $params;
- if ( $queue eq 'bypass' ) {
- fatal_error "'bypass' is not allowed in this context" unless
$allow_bypass;
- fatal_error "Invalid NFQUEUE options (bypass,$bypass)" if supplied
$bypass;
- return 'NFQUEUE --queue-bypass';
- }
+ my ( $queue, $bypass, $junk ) = split ',', $params;
- my ( $queue1, $queue2 ) = split ':', $queue;
+ fatal_error "Invalid NFQUEUE parameter list" if defined $junk;
- my $queuenum1 = numeric_value( $queue1 );
- my $queuenum2;
+ if ( supplied $queue ) {
+ if ( $queue eq 'bypass' ) {
+ fatal_error "'bypass' is not allowed in this context" unless
$allow_bypass;
+ fatal_error "Invalid NFQUEUE options (bypass,$bypass)" if supplied
$bypass;
+ return 'NFQUEUE --queue-bypass';
+ }
- fatal_error "Invalid NFQUEUE queue number ($queue1)" unless defined(
$queuenum1) && $queuenum1 >= 0 && $queuenum1 <= 65535;
+ ( $queue1, $queue2 ) = split ':', $queue;
- if ( supplied $queue2 ) {
- $queuenum2 = numeric_value( $queue2 );
+ $queuenum1 = numeric_value( $queue1 );
- fatal_error "Invalid NFQUEUE queue number ($queue2)" unless defined(
$queuenum2) && $queuenum2 >= 0 && $queuenum2 <= 65535 && $queuenum1 <
$queuenum2;
+ fatal_error "Invalid NFQUEUE queue number ($queue1)" unless defined(
$queuenum1) && $queuenum1 >= 0 && $queuenum1 <= 65535;
+
+ if ( supplied $queue2 ) {
+ $queuenum2 = numeric_value( $queue2 );
+
+ fatal_error "Invalid NFQUEUE queue number ($queue2)" unless
defined( $queuenum2) && $queuenum2 >= 0 && $queuenum2 <= 65535 && $queuenum1 <
$queuenum2;
+ }
+ } else {
+ $queuenum1 = 0;
}
if ( supplied $bypass ) {
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
