author | Chris Buechler <cmb@pfsense.org> | 2016-02-19 22:59:14 -0600 |
---|---|---|
committer | Chris Buechler <cmb@pfsense.org> | 2016-02-19 23:00:21 -0600 |
commit | 2ec7ab35dfd1592d3ad7f543878db7b3aad58457 (patch) | |
tree | 2c98f6b4ced3718ec6883b6b0a1e4e844d9f859f /src | |
parent | 6d575d47d9ac5e6b2f4b99457f5513d969bfa22d (diff) | |
download | pfsense-2ec7ab35dfd1592d3ad7f543878db7b3aad58457.zip pfsense-2ec7ab35dfd1592d3ad7f543878db7b3aad58457.tar.gz |
Validate URL table ports aliases exist before using them in a rule. Ticket #5845
Diffstat (limited to 'src')
-rw-r--r-- | src/etc/inc/util.inc | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/src/etc/inc/util.inc b/src/etc/inc/util.inc
index 92149ff..a696494 100644
--- a/src/etc/inc/util.inc
+++ b/src/etc/inc/util.inc
@@ -1701,13 +1701,27 @@ function alias_get_type($name) {
 /* expand a host or network alias, if necessary */
 function alias_expand($name) {
- global $aliastable;
+ global $config, $aliastable;
+ $urltable_prefix = "/var/db/aliastables/";
+ $urltable_filename = $urltable_prefix . $name . ".txt";
 if (isset($aliastable[$name])) {
 // alias names cannot be strictly numeric. redmine #4289
 if (is_numericint($name)) {
 return null;
 }
+ // make sure if it's a ports alias, it actually exists. redmine #5845
+ foreach ($config['aliases']['alias'] as $alias) {
+ if ($alias['name'] == $name) {
+ if ($alias['type'] == "urltable_ports") {
+ if (is_URL($alias['url']) && file_exists($urltable_filename) && filesize($urltable_filename)) {
+ return "\${$name}";
+ } else {
+ return null;
+ }
+ }
+ }
+ }
 return "\${$name}";
 } else if (is_ipaddr($name) || is_subnet($name) || is_port($name) || is_portrange($name)) {
 return "{$name}"; |
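Review bot: In the added `foreach` of alias_expand(), a `urltable_ports` alias whose table file is missing or empty now returns null with no log entry, so whatever the caller does with that null (not visible in this hunk; presumably the rule is left out of the ruleset) happens silently. On a firewall, a rule that drops out because a table download has not completed should be visible to the operator; consider logging just before the `return null;`, for example `log_error("URL table ports alias {$name} has no usable table file, not expanding it");`. Separately, `$urltable_filename` is concatenated from `$name` at the top of the function, before the `isset($aliastable[$name])` check; moving the two `$urltable_*` assignments inside the `urltable_ports` branch would limit path construction to names that matched a configured alias. The loop also assumes `$config['aliases']['alias']` is an array, so an `is_array()` guard around the `foreach` would avoid a warning when it is not. The body of alias_expand() continues past the end of the hunk.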