[pve-devel] [PATCH firewall 1/2] fix #2005: only allow ascii port digits

Dominik Csapak d.csapak at proxmox.com
Fri Nov 30 09:53:49 CET 2018


Perl's \d also accepts non-ASCII digits such as U+09EA,
which do not work with iptables.

Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
---
 src/PVE/Firewall.pm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index ef00d0c..035dc7e 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -1049,12 +1049,12 @@ sub parse_port_name_number_or_range {
     my @elements = split(/,/, $str);
     die "extraneous commas in list\n" if $str ne join(',', @elements);
     foreach my $item (@elements) {
-	if ($item =~ m/^(\d+):(\d+)$/) {
+	if ($item =~ m/^([0-9]+):([0-9]+)$/) {
 	    $count += 2;
 	    my ($port1, $port2) = ($1, $2);
 	    die "invalid port '$port1'\n" if $port1 > 65535;
 	    die "invalid port '$port2'\n" if $port2 > 65535;
-	} elsif ($item =~ m/^(\d+)$/) {
+	} elsif ($item =~ m/^([0-9]+)$/) {
 	    $count += 1;
 	    my $port = $1;
 	    die "invalid port '$port'\n" if $port > 65535;
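Review bot: Both new patterns still end in `$`, which in Perl also matches just before a trailing newline, so an item such as "80\n" passes this check even though only the digits are captured into `$1`/`$2`. Since the aim of the change is to accept only strings that iptables can consume, anchoring the end with `\z` closes that gap too: `m/^([0-9]+):([0-9]+)\z/` and `m/^([0-9]+)\z/`. Whether a newline can actually reach this function depends on the callers and on what is done with `$str` afterwards, neither of which is visible here, because the body of parse_port_name_number_or_range starts before and continues past the hunk. A short comment above the first pattern, for example `# [0-9] rather than \d: \d also matches non-ASCII Unicode digits`, would keep a later cleanup from reverting the character class.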
-- 
2.11.0




