fixes #2565 "Run-time dns name or address table in routing policy ->

crash". Compiler for PF crashed if user placed run-time DNSName object in "destination" of a routing rule.
2026-03-18 17:27:20 +01:00 · 2011-07-21 14:17:48 -07:00 · 2011-07-21 14:17:48 -07:00 · 2b54b4c49b
commit 2b54b4c49b
parent 04d5c68fb3
2 changed files with 36 additions and 14 deletions
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@ -1,5 +1,10 @@
 2011-07-21  vadim  <vadim@netcitadel.com>

+	* RoutingCompiler.cpp (processNext): fixes #2565 "Run-time dns
+	name or address table in routing policy -> crash". Compiler for PF
+	crashed if user placed run-time DNSName object in "destination"
+	of a routing rule.
+
 	* RuleSetModel.cpp (initRule): see #2515 Expanded set of options
 	the user can change to pre-set parameters in the new policy rules
 	they create. Now user can set default values for action ("Deny" or
--- a/src/libfwbuilder/src/fwcompiler/RoutingCompiler.cpp
+++ b/src/libfwbuilder/src/fwcompiler/RoutingCompiler.cpp
@ -257,17 +257,21 @@ bool RoutingCompiler::singleAdressInRGtw::processNext()
 }

 // recursive network validity check
-bool RoutingCompiler::validateNetwork::checkValidNetwork(FWObject *o) {
-    
-    if( Network::cast(o) != NULL) {
+bool RoutingCompiler::validateNetwork::checkValidNetwork(FWObject *o)
+{
+    if( Network::cast(o) != NULL)
+    {
        return ((Network *)o)->isValidRoutingNet();
    }
-    
+
    /* if we have a group containing networks and groups, we want to check them too */
-    if( ObjectGroup::cast(o) != NULL) {
-        
-        FWObjectTypedChildIterator child_i = o->findByType(FWObjectReference::TYPENAME);
-        for ( ; child_i != child_i.end(); ++child_i) {
+    if( ObjectGroup::cast(o) != NULL)
+    {
+        FWObjectTypedChildIterator child_i =
+            o->findByType(FWObjectReference::TYPENAME);
+
+        for ( ; child_i != child_i.end(); ++child_i)
+        {
            FWObjectReference *child_r = FWObjectReference::cast(*child_i);
            assert(child_r);
            FWObject *child = child_r->getPointer();
@ -276,12 +280,16 @@ bool RoutingCompiler::validateNetwork::checkValidNetwork(FWObject *o) {
            ObjectGroup *group;
            
            // Network
-            if ((network=Network::cast(child)) != NULL) {
-                if (checkValidNetwork(network) == false) {
+            if ((network=Network::cast(child)) != NULL)
+            {
+                if (checkValidNetwork(network) == false)
+                {
                    return false;
                }
-            } else if ((group=ObjectGroup::cast(child)) != NULL) { // Group
-                if (checkValidNetwork(group) == false) {
+            } else if ((group=ObjectGroup::cast(child)) != NULL)
+            { // Group
+                if (checkValidNetwork(group) == false)
+                {
                    return false;
                }
            }
@ -301,8 +309,17 @@ bool RoutingCompiler::validateNetwork::processNext()
    RuleElementRDst *dstrel=rule->getRDst();
    FWObject *o = FWReference::cast(dstrel->front())->getPointer();
     
-    if( checkValidNetwork(o) == false) {
-    
+    // currently we do not support run-time DNSName and AddressTable objects
+    // in routing rules.
+    MultiAddress *ma = MultiAddress::cast(o);
+    if (ma && ma->isRunTime()) 
+    {
+        compiler->abort(rule, "Use of dynamic run-time objects "
+                        "as destination in routing rules is not supported.");
+    }
+
+    if( checkValidNetwork(o) == false)
+    {
        string msg;
        msg = "Object \"" + o->getName() +
            "\" used as destination in the routing rule " +