authorRenato Botelho <garga@FreeBSD.org>2014-09-10 17:02:44 -0300
committerRenato Botelho <garga@FreeBSD.org>2014-09-10 17:02:44 -0300
commit9060f420a9444c68fc8db926787d0bb37d77ed72 (patch)
treebb1f2a7ab491f4ecf160d486833560a16c3e6471
parent846dc21c3d6dd134faa9641715f203458d80add5 (diff)
Change is_port() to only validate a single port; we have is_portrange() for specific cases. Make necessary adjustments after checking all is_port() calls. It fixes #3857
-rw-r--r--etc/inc/filter.inc2
-rw-r--r--etc/inc/util.inc17
-rwxr-xr-xusr/local/www/firewall_aliases_edit.php2
3 files changed, 9 insertions, 12 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index e325e56..38680f7 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -506,7 +506,7 @@ function filter_generate_nested_alias($name, $alias, &$aliasnesting, &$aliasaddr
else if(!isset($aliasnesting[$address]))
$tmpline = filter_generate_nested_alias($name, $aliastable[$address], $aliasnesting, $aliasaddrnesting);
} else if(!isset($aliasaddrnesting[$address])) {
- if (!is_ipaddr($address) && !is_subnet($address) && !is_port($address) && is_hostname($address)) {
+ if (!is_ipaddr($address) && !is_subnet($address) && !is_port($address) && !is_portrange($address) && is_hostname($address)) {
if (!isset($filterdns["{$address}{$name}"]))
$filterdns["{$address}{$name}"] = "pf {$address} {$name}\n";
continue;
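Review bot: The `!is_port($address) && !is_portrange($address)` pair added here is repeated by hand in alias_expand() in util.inc and in the port branch of firewall_aliases_edit.php, so any is_port() caller this commit did not update now silently rejects ranges such as `80:90`. A small wrapper, e.g. `function is_port_or_range($p) { return is_port($p) || is_portrange($p); }`, would keep the three sites in step and give later callers one name to reach for. A missed pairing matters in this condition because an entry that fails the port tests and passes is_hostname() is written to `$filterdns` as a hostname. The body of filter_generate_nested_alias() continues outside the hunk.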
diff --git a/etc/inc/util.inc b/etc/inc/util.inc
index 402ef3e..e672970 100644
--- a/etc/inc/util.inc
+++ b/etc/inc/util.inc
@@ -677,15 +677,12 @@ function is_validaliasname($name) {
/* returns true if $port is a valid TCP/UDP port */
function is_port($port) {
- $tmpports = explode(":", $port);
- foreach($tmpports as $tmpport) {
- if (getservbyname($tmpport, "tcp") || getservbyname($tmpport, "udp"))
- continue;
- if (!ctype_digit($tmpport))
- return false;
- else if ((intval($tmpport) < 1) || (intval($tmpport) > 65535))
- return false;
- }
+ if (getservbyname($port, "tcp") || getservbyname($port, "udp"))
+ return true;
+ if (!ctype_digit($port))
+ return false;
+ else if ((intval($port) < 1) || (intval($port) > 65535))
+ return false;
return true;
}
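Review bot: `$port` now reaches `ctype_digit()` without the string conversion that the removed `explode()` performed, and ctype_digit() treats an integer between -128 and 255 as an ASCII code, so `is_port(80)` with an integer argument would return false while `is_port("80")` returns true. Normalising first, `if (!is_string($port) && !is_int($port)) return false;` followed by `$port = (string)$port;`, restores the old behaviour for integers and rejects arrays before getservbyname() sees them. The one-line comment above the function should also say that service names resolvable through getservbyname() are accepted and that ranges are now is_portrange()'s job.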
@@ -1255,7 +1252,7 @@ function alias_expand($name) {
if (isset($aliastable[$name]))
return "\${$name}";
- else if (is_ipaddr($name) || is_subnet($name) || is_port($name))
+ else if (is_ipaddr($name) || is_subnet($name) || is_port($name) || is_portrange($name))
return "{$name}";
else
return null;
diff --git a/usr/local/www/firewall_aliases_edit.php b/usr/local/www/firewall_aliases_edit.php
index 3479e8d..fc35612 100755
--- a/usr/local/www/firewall_aliases_edit.php
+++ b/usr/local/www/firewall_aliases_edit.php
@@ -294,7 +294,7 @@ if ($_POST) {
preg_match("/urltable/i", alias_get_type($_POST["address{$x}"]))))
$wrongaliases .= " " . $_POST["address{$x}"];
} else if ($_POST['type'] == "port") {
- if (!is_port($_POST["address{$x}"]))
+ if (!is_port($_POST["address{$x}"]) && !is_portrange($_POST["address{$x}"]))
$input_errors[] = $_POST["address{$x}"] . " " . gettext("is not a valid port or alias.");
} else if ($_POST['type'] == "host" || $_POST['type'] == "network") {
if (is_subnet($_POST["address{$x}"]) || (!is_ipaddr($_POST["address{$x}"])
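Review bot: The rejected value is concatenated unescaped into `$input_errors[]` on the line after the changed check, so an `address{$x}` field that fails both validators ends up verbatim in the error list. Whether it is HTML-escaped depends on how `$input_errors` is rendered, which is outside this hunk. If the renderer does not escape, wrap it here: `$input_errors[] = htmlspecialchars($_POST["address{$x}"]) . " " . gettext("is not a valid port or alias.");`. The enclosing `if ($_POST)` block starts and ends outside the hunk.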