[pve-devel] [PATCH 1/2] parse_port_name_number_or_range fix range check

Alexandre Derumier aderumier at odiso.com
Tue Feb 25 09:44:53 CET 2014


for port range  a:b,

we need to check that b > a

this kind of range is invalid

80:22
80:ssh
http:ssh

Signed-off-by: Alexandre Derumier <aderumier at odiso.com>
---
 PVE/Firewall.pm |    5 +++++
 1 file changed, 5 insertions(+)

diff --git a/PVE/Firewall.pm b/PVE/Firewall.pm
index da8b4a2..f5ae88f 100644
--- a/PVE/Firewall.pm
+++ b/PVE/Firewall.pm
@@ -389,6 +389,7 @@ sub get_etc_services {
 
 	if ($line =~ m!^(\S+)\s+(\S+)/(tcp|udp).*$!) {
 	    $services->{byid}->{$2}->{name} = $1;
+	    $services->{byid}->{$2}->{port} = $2;
 	    $services->{byid}->{$2}->{$3} = 1;
 	    $services->{byname}->{$1} = $services->{byid}->{$2};
 	}
@@ -457,9 +458,13 @@ sub parse_port_name_number_or_range {
     my $nbports = 0;
     foreach my $item (split(/,/, $str)) {
 	my $portlist = "";
+	my $oldpon = undef;
 	foreach my $pon (split(':', $item, 2)) {
+	    $pon = $services->{byname}->{$pon}->{port} if $services->{byname}->{$pon}->{port};
 	    if ($pon =~ m/^\d+$/){
 		die "invalid port '$pon'\n" if $pon < 0 && $pon > 65535;
+		die "port '$pon' must be bigger than port '$oldpon' \n" if $oldpon && ($pon < $oldpon);
+		$oldpon = $pon;
 	    }else{
 		die "invalid port $services->{byname}->{$pon}\n" if !$services->{byname}->{$pon};
 	    }
-- 
1.7.10.4




More information about the pve-devel mailing list