[pve-devel] [PATCH 1/2] parse_port_name_number_or_range fix range check
Alexandre Derumier
aderumier at odiso.com
Tue Feb 25 09:44:53 CET 2014
For a port range a:b,
we need to check that b > a.
Ranges like these are invalid:
80:22
80:ssh
http:ssh
Signed-off-by: Alexandre Derumier <aderumier at odiso.com>
---
PVE/Firewall.pm | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/PVE/Firewall.pm b/PVE/Firewall.pm
index da8b4a2..f5ae88f 100644
--- a/PVE/Firewall.pm
+++ b/PVE/Firewall.pm
@@ -389,6 +389,7 @@ sub get_etc_services {
if ($line =~ m!^(\S+)\s+(\S+)/(tcp|udp).*$!) {
$services->{byid}->{$2}->{name} = $1;
+ $services->{byid}->{$2}->{port} = $2;
$services->{byid}->{$2}->{$3} = 1;
$services->{byname}->{$1} = $services->{byid}->{$2};
}
@@ -457,9 +458,13 @@ sub parse_port_name_number_or_range {
my $nbports = 0;
foreach my $item (split(/,/, $str)) {
my $portlist = "";
+ my $oldpon = undef;
foreach my $pon (split(':', $item, 2)) {
+ $pon = $services->{byname}->{$pon}->{port} if $services->{byname}->{$pon}->{port};
if ($pon =~ m/^\d+$/){
die "invalid port '$pon'\n" if $pon < 0 && $pon > 65535;
+ die "port '$pon' must be bigger than port '$oldpon' \n" if $oldpon && ($pon < $oldpon);
+ $oldpon = $pon;
}else{
die "invalid port $services->{byname}->{$pon}\n" if !$services->{byname}->{$pon};
}
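Review bot: The added lookup `$services->{byname}->{$pon}->{port}` autovivifies `$services->{byname}->{$pon}` as an empty hash for every name that is not in the services table, so the `die ... if !$services->{byname}->{$pon}` in the else branch can no longer fire and unknown service names pass validation. Fetch the entry without dereferencing through it, e.g. `my $svc = $services->{byname}->{$pon};` followed by `$pon = $svc->{port} if $svc && $svc->{port};`. The new ordering check uses `<`, so equal endpoints are accepted although the message and the commit text say the second port must be bigger, and the `$oldpon &&` guard skips the comparison when the first port is 0. Separately, the unchanged bounds check `$pon < 0 && $pon > 65535` can never be true and probably wants `||`; the function body continues outside the hunk, so how the translated `$pon` is used afterwards is not visible here.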
--
1.7.10.4