webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 18:45:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

firewall: Fix off-by-one error in configuration parser

Browse Source 
The configuration parser determines how many comma-separated
values there are in a line. If new values are added we need
to check first if those are set in every line to avoid any
undefined behaviour. A wrong comparison parameter was used
which caused that the limit feature was never enabled in
the rule generation.
This commit is contained in:
Michael Tremer
2015-01-02 12:20:50 +01:00
parent b56472d49b
commit d6ef5df18e
1 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
config/firewall/rules.pl
View File

@@ -280,7 +280,7 @@ sub buildrules {
# Concurrent connection limit
my @ratelimit_options = ();
if (($elements gt 34) && ($$hash{$key}[32] eq 'ON')) {
if (($elements ge 34) && ($$hash{$key}[32] eq 'ON')) {
my $conn_limit = $$hash{$key}[33];
if ($conn_limit ge 1) {
@@ -296,13 +296,13 @@ sub buildrules {
}
# Ratelimit
if (($elements gt 37) && ($$hash{$key}[34] eq 'ON')) {
if (($elements ge 37) && ($$hash{$key}[34] eq 'ON')) {
my $rate_limit = "$$hash{$key}[35]/$$hash{$key}[36]";
if ($rate_limit) {
push(@ratelimit_options, ("-m", "limit"));
push(@ratelimit_options, ("--limit", $rate_limit));
}
if ($rate_limit) {
push(@ratelimit_options, ("-m", "limit"));
push(@ratelimit_options, ("--limit", $rate_limit));
}
}
# Check which protocols are used in this rule and so that we can