From 5b7e3a4c28af60dad4c2217af1a38988b272963d Mon Sep 17 00:00:00 2001
From: Phil Davis
Date: Sun, 26 Mar 2017 13:44:27 +0545
Subject: Provide functions for checking port range alias combinations
---
 src/etc/inc/filter.inc | 2 +-
 src/etc/inc/pfsense-utils.inc | 2 +-
 src/etc/inc/util.inc | 12 +++++++++++-
 src/usr/local/www/firewall_aliases_edit.php | 2 +-
 src/usr/local/www/firewall_aliases_import.php | 2 +-
 src/usr/local/www/firewall_nat_out_edit.php | 6 +++---
 6 files changed, 18 insertions(+), 8 deletions(-)
diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc
index bc04d9a..2aaec93 100644
--- a/src/etc/inc/filter.inc
+++ b/src/etc/inc/filter.inc
@@ -655,7 +655,7 @@ function filter_generate_nested_alias($name, $alias, &$aliasnesting, &$aliasaddr
 $tmpline = filter_generate_nested_alias($name, $aliastable[$address], $aliasnesting, $aliasaddrnesting, $use_filterdns);
 }
 } else if (!isset($aliasaddrnesting[$address])) {
- if (!is_ipaddr($address) && !is_subnet($address) && !((($alias_type == 'port') || ($alias_type == 'url_ports')) && (is_port($address) || is_portrange($address))) && is_hostname($address)) {
+ if (!is_ipaddr($address) && !is_subnet($address) && !((($alias_type == 'port') || ($alias_type == 'url_ports')) && is_portorrange($address)) && is_hostname($address)) {
 if (!isset($filterdns["{$address}{$name}"])) {
 $use_filterdns = true;
 $filterdns["{$address}{$name}"] = "pf {$address} {$name}\n";
diff --git a/src/etc/inc/pfsense-utils.inc b/src/etc/inc/pfsense-utils.inc
index d822132..85d37d6 100644
--- a/src/etc/inc/pfsense-utils.inc
+++ b/src/etc/inc/pfsense-utils.inc
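Review bot: In src/etc/inc/filter.inc the rewritten condition in filter_generate_nested_alias still packs four negated and nested tests into one line, and this is the test that decides whether an alias entry is treated as a hostname and added to `$filterdns`. Pulling the port case into a named value first, e.g. `$is_port_entry = in_array($alias_type, array('port', 'url_ports')) && is_portorrange($address);`, and then testing `!is_ipaddr($address) && !is_subnet($address) && !$is_port_entry && is_hostname($address)` would make the exclusion easy to audit. A one-line comment such as `/* port entries are never hostnames; keep them out of filterdns */` would record the intent, which I infer from the condition rather than from anything stated in the hunk. The function starts and ends outside the hunk.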
@@ -2241,7 +2241,7 @@ function parse_aliases_file($filename, $type = "url", $max_items = -1, $kflc = f
 $tmp = $tmp_str;
 }
 $valid = (($type == "url" || $type == "urltable") && (is_ipaddr($tmp) || is_subnet($tmp))) ||
- (($type == "url_ports" || $type == "urltable_ports") && (is_port($tmp) || is_portrange($tmp)));
+ (($type == "url_ports" || $type == "urltable_ports") && is_portorrange($tmp));
 if ($valid) {
 $items[] = $tmp;
 if (count($items) == $max_items) {
diff --git a/src/etc/inc/util.inc b/src/etc/inc/util.inc
index e685c06..fb21396 100644
--- a/src/etc/inc/util.inc
+++ b/src/etc/inc/util.inc
@@ -1161,6 +1161,11 @@ function is_portrange($portrange) {
 return (count($ports) == 2 && is_port($ports[0]) && is_port($ports[1]));
 }
 
+/* returns true if $port is a valid TCP/UDP port number or range (":") */
+function is_portorrange($port) {
+ return (is_port($port) || is_portrange($port));
+}
+
 /* returns true if $port is a valid port number or an alias thereof */
 function is_portoralias($port) {
 global $config;
@@ -1179,6 +1184,11 @@ function is_portoralias($port) {
 }
 }
 
+/* returns true if $port is a valid TCP/UDP port number or range (":") or an alias thereof */
+function is_portorrangeoralias($port) {
+ return (is_portoralias($port) || is_portrange($port));
+}
+
 /* create ranges of sequential port numbers (200:215) and remove duplicates */
 function group_ports($ports, $kflc = false) {
 if (!is_array($ports) || empty($ports)) {
@@ -1817,7 +1827,7 @@ function alias_expand($name) {
 }
 }
 return "\${$name}";
- } else if (is_ipaddr($name) || is_subnet($name) || is_port($name) || is_portrange($name)) {
+ } else if (is_ipaddr($name) || is_subnet($name) || is_portorrange($name)) {
 return "{$name}";
 } else {
 return null;
diff --git a/src/usr/local/www/firewall_aliases_edit.php b/src/usr/local/www/firewall_aliases_edit.php
index f62bea0..b370b72 100644
--- a/src/usr/local/www/firewall_aliases_edit.php
+++ b/src/usr/local/www/firewall_aliases_edit.php
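Review bot: In src/etc/inc/util.inc the new `is_portorrange()` inherits whatever `is_portrange()` accepts, and the only line of that function visible in the first hunk, `return (count($ports) == 2 && is_port($ports[0]) && is_port($ports[1]));`, checks that both ends are ports but not that the first is no larger than the second. Unless an earlier line of is_portrange (outside the hunk) rejects it, a reversed range (say `200:100`, a value made up for illustration) would pass validation at every call site this commit moves onto the helper, including the POST handlers and parse_aliases_file. How the ruleset generator treats such a range is not visible here, so this may be harmless; if it is not wanted, the place to enforce it is is_portrange, e.g. by adding `&& (int)$ports[0] <= (int)$ports[1]`, after checking that no saved configuration relies on the current behaviour. The same applies to `is_portorrangeoralias()` in the next hunk.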
@@ -463,7 +463,7 @@ if ($_POST) {
 }
 }
 } else if ($_POST['type'] == "port") {
- if (!is_port($input_address) && !is_portrange($input_address)) {
+ if (!is_portorrange($input_address)) {
 $input_errors[] = sprintf(gettext("%s is not a valid port or alias."), $input_address);
 }
 } else if ($_POST['type'] == "host" || $_POST['type'] == "network") {
diff --git a/src/usr/local/www/firewall_aliases_import.php b/src/usr/local/www/firewall_aliases_import.php
index e5695cf..f59db15 100644
--- a/src/usr/local/www/firewall_aliases_import.php
+++ b/src/usr/local/www/firewall_aliases_import.php
@@ -153,7 +153,7 @@ if ($_POST) {
 if ($tab == "port") {
 // Port alias
 if (!empty($impip)) {
- if (is_port($impip) || is_portrange($impip)) {
+ if (is_portorrange($impip)) {
 $imported_ips[] = $impip;
 $imported_descs[] = $impdesc;
 } else {
diff --git a/src/usr/local/www/firewall_nat_out_edit.php b/src/usr/local/www/firewall_nat_out_edit.php
index aa23717..7b28e7a 100644
--- a/src/usr/local/www/firewall_nat_out_edit.php
+++ b/src/usr/local/www/firewall_nat_out_edit.php
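Review bot: The error text in src/usr/local/www/firewall_aliases_edit.php does not describe the check beside it: `!is_portorrange($input_address)` accepts a port or a port range, while the message reads "%s is not a valid port or alias." and never mentions ranges. Whether an alias name is handled by the branch that closes just above (outside the hunk) cannot be seen here; if it is, `gettext("%s is not a valid port, port range or alias.")` would state what is accepted. The three messages in the firewall_nat_out_edit.php hunk have the same gap: the checks now call `is_portorrangeoralias()`, yet the source and destination messages omit ranges and the NAT port message says only "A valid port must be supplied". Changing a gettext string invalidates its translations, so the wording is best fixed in one pass.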
@@ -206,15 +206,15 @@ if ($_POST) {
 $_POST['natport'] = trim($_POST['natport']);
 }
 
- if ($protocol_uses_ports && $_POST['sourceport'] <> "" && !(is_portoralias($_POST['sourceport']) || is_portrange($_POST['sourceport']))) {
+ if ($protocol_uses_ports && $_POST['sourceport'] <> "" && !is_portorrangeoralias($_POST['sourceport'])) {
 $input_errors[] = gettext("A valid port or port alias must be supplied for the source port entry.");
 }
 
- if ($protocol_uses_ports && $_POST['dstport'] <> "" && !(is_portoralias($_POST['dstport']) || is_portrange($_POST['dstport']))) {
+ if ($protocol_uses_ports && $_POST['dstport'] <> "" && !is_portorrangeoralias($_POST['dstport'])) {
 $input_errors[] = gettext("A valid port or port alias must be supplied for the destination port entry.");
 }
 
- if ($protocol_uses_ports && $_POST['natport'] <> "" && !(is_portoralias($_POST['natport']) || is_portrange($_POST['natport'])) && !isset($_POST['nonat'])) {
+ if ($protocol_uses_ports && $_POST['natport'] <> "" && !is_portorrangeoralias($_POST['natport']) && !isset($_POST['nonat'])) {
 $input_errors[] = gettext("A valid port must be supplied for the NAT port entry.");
 }
 
-- 
cgit v1.1