diff options
| author | Phil Davis <phil.davis@inf.org> | 2017-03-26 14:06:00 +0545 |
|---|---|---|
| committer | Phil Davis <phil.davis@inf.org> | 2017-03-26 14:25:40 +0545 |
| commit | 0ea3b521fdbe08933f0969e717125953c303f2c1 (patch) | |
| tree | cee85e2c5618beba0dcccefc16cba25ff6a041d3 | |
| parent | 223ab494dd8e78fce1d1b5415d25da11c2fa3868 (diff) | |
| download | pfsense-0ea3b521fdbe08933f0969e717125953c303f2c1.zip pfsense-0ea3b521fdbe08933f0969e717125953c303f2c1.tar.gz | |
Redmine #7428 Hanlde empty port alias
| -rw-r--r-- | src/etc/inc/filter.inc | 38 |
1 files changed, 28 insertions, 10 deletions
diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc index 5c4403b..48187e6 100644 --- a/src/etc/inc/filter.inc +++ b/src/etc/inc/filter.inc @@ -2737,18 +2737,36 @@ function filter_generate_user_rule($rule) { return "# {$error_text}"; } if ($rule['source']['port'] - && !(is_portrange(str_replace("-", ":", $rule['source']['port'])) - || alias_expand($rule['source']['port']))) { - $error_text = sprintf(gettext("Unresolvable source port alias '%1\$s' for rule '%2\$s'"), $rule['source']['port'], $rule['descr']); - file_notice("Filter_Reload", $error_text); - return "# {$error_text}"; + && !is_portorrange(str_replace("-", ":", $rule['source']['port']))) { + $error_text = ""; + + // It is not a literal port or port range, so alias should exist, and expand to something non-empty + if (!alias_expand($rule['source']['port'])) { + $error_text = sprintf(gettext("Unresolvable source port alias '%1\$s' for rule '%2\$s'"), $rule['source']['port'], $rule['descr']); + } else if (trim(filter_generate_nested_alias($rule['source']['port'])) == "") { + $error_text = sprintf(gettext("Empty source port alias '%1\$s' for rule '%2\$s'"), $rule['source']['port'], $rule['descr']); + } + + if ($error_text) { + file_notice("Filter_Reload", $error_text); + return "# {$error_text}"; + } } if ($rule['destination']['port'] - && !(is_portrange(str_replace("-", ":", $rule['destination']['port'])) - || alias_expand($rule['destination']['port']))) { - $error_text = sprintf(gettext("Unresolvable destination port alias '%1\$s' for rule '%2\$s'"), $rule['destination']['port'], $rule['descr']); - file_notice("Filter_Reload", $error_text); - return "# {$error_text}"; + && !is_portorrange(str_replace("-", ":", $rule['destination']['port']))) { + $error_text = ""; + + // It is not a literal port or port range, so alias should exist, and expand to something non-empty + if (!alias_expand($rule['destination']['port'])) { + $error_text = sprintf(gettext("Unresolvable destination port alias '%1\$s' for rule '%2\$s'"), $rule['destination']['port'], $rule['descr']); + } else if (trim(filter_generate_nested_alias($rule['destination']['port'])) == "") { + $error_text = sprintf(gettext("Empty destination port alias '%1\$s' for rule '%2\$s'"), $rule['destination']['port'], $rule['descr']); + } + + if ($error_text) { + file_notice("Filter_Reload", $error_text); + return "# {$error_text}"; + } } update_filter_reload_status(gettext("Setting up pass/block rules")); $type = $rule['type']; |
