[pve-devel] applied: [PATCH v2 firewall] check multiport limit in port ranges

Dietmar Maurer dietmar at proxmox.com
Thu Mar 8 12:20:59 CET 2018


applied - and thanks for the cleanup!

> On March 8, 2018 at 12:06 PM Wolfgang Bumiller <w.bumiller at proxmox.com> wrote:
> 
> 
> Signed-off-by: Wolfgang Bumiller <w.bumiller at proxmox.com>
> ---
> Changes:
>   We don't actually use the returned $count for anything other than
>   checking whether it's >1 to know whether to use `--match multiport`.
>   This still works when counting ranges as 2.
> 
>  src/PVE/Firewall.pm | 11 +++++++++--
>  1 file changed, 9 insertions(+), 2 deletions(-)
> 
> diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
> index 2feac54..bc3d9fe 100644
> --- a/src/PVE/Firewall.pm
> +++ b/src/PVE/Firewall.pm
> @@ -1035,12 +1035,13 @@ sub parse_port_name_number_or_range {
>      my @elements = split(/,/, $str);
>      die "extraneous commas in list\n" if $str ne join(',', @elements);
>      foreach my $item (@elements) {
> -	$count++;
>  	if ($item =~ m/^(\d+):(\d+)$/) {
> +	    $count += 2;
>  	    my ($port1, $port2) = ($1, $2);
>  	    die "invalid port '$port1'\n" if $port1 > 65535;
>  	    die "invalid port '$port2'\n" if $port2 > 65535;
>  	} elsif ($item =~ m/^(\d+)$/) {
> +	    $count += 1;
>  	    my $port = $1;
>  	    die "invalid port '$port'\n" if $port > 65535;
>  	} else {
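
Review bot: in the `else` branch that closes this hunk, nothing adds to `$count` now that the unconditional `$count++` at the top of the loop is gone; only the `\d+:\d+` and `\d+` branches increment it. Items that fall through to `else` therefore no longer contribute to the returned value, which per the change notes decides whether `--match multiport` is used, nor to the new 15-entry limit. If such items can end up in a multiport list, add `$count += 1;` for them in the `else` branch, or state in a comment why they are excluded.
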
> @@ -1054,7 +1055,13 @@ sub parse_port_name_number_or_range {
>  	}
>      }
>  
> -    die "ICPM ports not allowed in port range\n" if $icmp_port && $count > 1;
> +    die "ICPM ports not allowed in port range\n" if $icmp_port && $count > 0;
> +
> +    # I really don't like to use the word number here, but it's the only
> thing
> +    # that makes sense in a literal way. The range 1:100 counts as 2, not as
> +    # one and not as 100...
> +    die "too many entries in port list (> 15 numbers)\n"
> +	if $count > 15;
>  
>      return $count;
>  }
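
Review bot: the limit 15 in the new `die` is hard-coded twice (in the condition and in the message), and the comment explains how a range is counted but not where the limit comes from. A named constant plus a comment naming the iptables multiport match (up to 15 ports, a range counting as two) would make the check self-explanatory. The changed `$icmp_port && $count > 0` line also carries over the "ICPM" typo in its message (should read ICMP), and because `$count` is only incremented for numeric ports and ranges in the first hunk, this condition only rejects ICMP entries mixed with numeric ones.
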
> -- 
> 2.11.0
> 
> 