From 998f77a81fd256a78f21e2af9a91be9bac1eb35e Mon Sep 17 00:00:00 2001 From: jim-p Date: Thu, 11 Mar 2010 12:58:01 -0500 Subject: Fix EasyRule port check so it is only tested when the protocol is TCP or UDP. Resolves #412 While I'm here, make EasyRule put a description in when writing the config so it shows up properly in the config history. --- usr/local/www/easyrule.php | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) (limited to 'usr/local/www/easyrule.php') diff --git a/usr/local/www/easyrule.php b/usr/local/www/easyrule.php index 8c860da..69420d8 100644 --- a/usr/local/www/easyrule.php +++ b/usr/local/www/easyrule.php @@ -2,8 +2,8 @@ /* easyrule.php - Copyright (C) 2009 Jim Pingle (jpingle@gmail.com) - Sponsored By Anathematic @ pfSense Forums + Copyright (C) 2009-2010 Jim Pingle (jpingle@gmail.com) + Originally Sponsored By Anathematic @ pfSense Forums All rights reserved. Redistribution and use in source and binary forms, with or without @@ -40,6 +40,7 @@ require_once("shaper.inc"); $retval = 0; $message = ""; $specialsrcdst = explode(" ", "any pptp pppoe l2tp openvpn"); +$protocols_with_ports = array('tcp', 'udp'); if ($_GET && isset($_GET['action'])) { switch ($_GET['action']) { @@ -85,17 +86,18 @@ if ($_GET && isset($_GET['action'])) { $message .= "Tried to pass invalid destination IP: " . htmlspecialchars($_GET['dst']) . "
"; break; } - if (($_GET['proto'] != 'icmp') && !isset($_GET['dstport'])) { - $message .= "Missing destination port: " . htmlspecialchars($_GET['dstport']) . "
"; - break; - } - if ($_GET['proto'] == 'icmp') { + if (in_array($_GET['proto'], $protocols_with_ports)) { + if (!isset($_GET['dstport'])) { + $message .= "Missing destination port: " . htmlspecialchars($_GET['dstport']) . "
"; + break; + } + if (!is_port($_GET['dstport'])) { + $message .= "Tried to pass invalid destination port: " . htmlspecialchars($_GET['dstport']) . "
"; + break; + } + } else { $_GET['dstport'] = 0; } - if (!is_numeric($_GET['dstport']) || ($_GET['dstport'] < 0) || ($_GET['dstport'] > 65536)) { - $message .= "Tried to pass invalid destination port: " . htmlspecialchars($_GET['dstport']) . "
"; - break; - } /* Should have valid input... */ if (easyrule_pass_rule_add($_GET['int'], $_GET['proto'], $_GET['src'], $_GET['dst'], $_GET['dstport'])) { /* Shouldn't get here, the function should redirect. */ -- cgit v1.1
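Review bot: In the new `in_array($_GET['proto'], $protocols_with_ports)` branch, any protocol value that is not exactly lowercase `tcp` or `udp` (for example `TCP`, or an unexpected string) takes the `else` path, has `dstport` set to 0 and goes on to `easyrule_pass_rule_add()` with no port check. Unless the protocol is already validated earlier in this `case` or inside `easyrule_pass_rule_add()` (neither is visible in the hunk), I would normalise and allow-list it first, e.g. `$proto = strtolower($_GET['proto']);` then `in_array($proto, $protocols_with_ports, true)`, and reject protocols the rule writer does not expect. Separately, the "Missing destination port" message still echoes `$_GET['dstport']` in the branch where it is not set, so the `htmlspecialchars()` call there can be dropped. The surrounding `switch` case begins above the hunk and continues below it.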