Re: [Shorewall-devel] Shorewall 5.0.13 RC 2

Sun, 16 Oct 2016 13:15:07 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 10/16/2016 12:49 PM, Steven Jan Springl wrote:
> Tom
> 
> Rule
> 
> ACCEPT    lan    fw    tcp    tacacs-ds:krb_prop
> 
> Produces the following error message:
> 
> ERROR: Invalid port range (tacacs-ds:krb_prop)
> 
> This worked in previous releases.
> 

The attached patch corrects the problem by restricting '-' as a
port-range delimiter to the case where port numbers are used rather
than service names.

Thanks Steve,

- -Tom
- -- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJYA9+jAAoJEJbms/JCOk0Qs8sQALDCDve+xLJaQTMGu2QJe5PD
3GIYf1RpsDG0Su6b3Rt0iMUFGWo2REfEEGGW0SxO3heHMY5IFRmurgYDd5Eff1/o
HKgd92W/1uqn43kbmhqWU2tqxyEqQqMMEdRKfroGDczve6A/7bW2dayvL89E3f0j
HqQHANzkL+wJKYAiPdJGdYZ9xj1wrqSoP9cToH+iS/IgAawk6xD9HBT191DGQC90
Zp+GzHjtDz44NbkxeN0Qoer5N3damh0dWcl75PqgJJaJe07jfj21AzOvTMNaot3X
QmRo7s4LcOXf8GTwZjf1qP+ahrL0u4Mo424MpVZblwbhc2YY6DQMpZVBXK3n4ZiJ
nIUjzB2/skQSttUvlYvEkVQynFwW/vka+2PDgpZkqVert/HSh4s9/+3as0oPS9Gz
haE0RAOoQfwWfy2Kl4PR/5LNpJbFeti+By/FKoN/xVG0sFUhXzuGyHgwwL/lAO/6
EmolyXbvlJ0NRwvRvRQ9CwI+B8mFfZSvDHFk/ClTGe0H30afnvkymVv6IIelRYzn
CaM+LLY46U6TGBoEjzYrVqm/5fh+utEGK6GxmlSQ9YlKgLI/HdQ1Ssff5LnloQLS
hAKNen9kh/ap02H6Ii9N860K9Sm3lLw+eJMQIyKKW4kqmPVaeRczVVYhhGcVx3Q9
q4ziI+5mkoSRPrfVGFUN
=wjPy
-----END PGP SIGNATURE-----

diff --git a/Shorewall/Perl/Shorewall/IPAddrs.pm b/Shorewall/Perl/Shorewall/IPAddrs.pm
index 2d1ae26..b358848 100644
--- a/Shorewall/Perl/Shorewall/IPAddrs.pm
+++ b/Shorewall/Perl/Shorewall/IPAddrs.pm
@@ -436,7 +436,7 @@ sub validate_portpair( $$ ) {
     #
     # Accept '-' as a port-range separator
     #
-    $pair =~ tr/-/:/;
+    $pair =~ tr/-/:/ if $pair =~ /^[-0-9]+$/;
 
     fatal_error "Invalid port range ($portpair)" if $pair =~ tr/:/:/ > 1;
 

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-devel mailing list
Shorewall-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-devel

Reply via email to