diff options
| author | Phil Davis <phil.davis@inf.org> | 2017-03-26 14:06:00 +0545 |
|---|---|---|
| committer | Phil Davis <phil.davis@inf.org> | 2017-03-26 14:06:00 +0545 |
| commit | 7e50d1e7357e4b9dc8a4283971c8bfe0312c5d8b (patch) | |
| tree | f6a44326b989def20018aec69fbc1d12511533cb /src | |
| parent | 810d47c9b2ace51ca4928cccbe840009d715b1f9 (diff) | |
| download | pfsense-7e50d1e7357e4b9dc8a4283971c8bfe0312c5d8b.zip pfsense-7e50d1e7357e4b9dc8a4283971c8bfe0312c5d8b.tar.gz | |
Redmine #7428 Hanlde empty port alias
Diffstat (limited to 'src')
| -rw-r--r-- | src/etc/inc/filter.inc | 38 |
1 files changed, 28 insertions, 10 deletions
diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc index 241de81..7f64540 100644 --- a/src/etc/inc/filter.inc +++ b/src/etc/inc/filter.inc @@ -2710,18 +2710,36 @@ function filter_generate_user_rule($rule) { return "# {$error_text}"; } if ($rule['source']['port'] - && !(is_portrange(str_replace("-", ":", $rule['source']['port'])) - || alias_expand($rule['source']['port']))) { - $error_text = sprintf(gettext("Unresolvable source port alias '%1\$s' for rule '%2\$s'"), $rule['source']['port'], $rule['descr']); - file_notice("Filter_Reload", $error_text); - return "# {$error_text}"; + && !is_portorrange(str_replace("-", ":", $rule['source']['port']))) { + $error_text = ""; + + // It is not a literal port or port range, so alias should exist, and expand to something non-empty + if (!alias_expand($rule['source']['port'])) { + $error_text = sprintf(gettext("Unresolvable source port alias '%1\$s' for rule '%2\$s'"), $rule['source']['port'], $rule['descr']); + } else if (trim(filter_generate_nested_alias($rule['source']['port'])) == "") { + $error_text = sprintf(gettext("Empty source port alias '%1\$s' for rule '%2\$s'"), $rule['source']['port'], $rule['descr']); + } + + if ($error_text) { + file_notice("Filter_Reload", $error_text); + return "# {$error_text}"; + } } if ($rule['destination']['port'] - && !(is_portrange(str_replace("-", ":", $rule['destination']['port'])) - || alias_expand($rule['destination']['port']))) { - $error_text = sprintf(gettext("Unresolvable destination port alias '%1\$s' for rule '%2\$s'"), $rule['destination']['port'], $rule['descr']); - file_notice("Filter_Reload", $error_text); - return "# {$error_text}"; + && !is_portorrange(str_replace("-", ":", $rule['destination']['port']))) { + $error_text = ""; + + // It is not a literal port or port range, so alias should exist, and expand to something non-empty + if (!alias_expand($rule['destination']['port'])) { + $error_text = sprintf(gettext("Unresolvable destination port alias '%1\$s' for rule '%2\$s'"), $rule['destination']['port'], $rule['descr']); + } else if (trim(filter_generate_nested_alias($rule['destination']['port'])) == "") { + $error_text = sprintf(gettext("Empty destination port alias '%1\$s' for rule '%2\$s'"), $rule['destination']['port'], $rule['descr']); + } + + if ($error_text) { + file_notice("Filter_Reload", $error_text); + return "# {$error_text}"; + } } update_filter_reload_status(gettext("Setting up pass/block rules")); $type = $rule['type']; |
