
fixes #2565 "Run-time dns name or address table in routing policy ->

crash". Compiler for PF crashed if user placed run-time DNSName object
in "destination" of a routing rule.
Vadim Kurland 2011-07-21 14:17:48 -07:00
parent 04d5c68fb3
commit 2b54b4c49b
2 changed files with 36 additions and 14 deletions


@ -1,5 +1,10 @@
2011-07-21 vadim <vadim@netcitadel.com> 2011-07-21 vadim <vadim@netcitadel.com>
* RoutingCompiler.cpp (processNext): fixes #2565 "Run-time dns
name or address table in routing policy -> crash". Compiler for PF
crashed if user placed run-time DNSName object in "destination"
of a routing rule.
* RuleSetModel.cpp (initRule): see #2515 Expanded set of options * RuleSetModel.cpp (initRule): see #2515 Expanded set of options
the user can change to pre-set parameters in the new policy rules the user can change to pre-set parameters in the new policy rules
they create. Now user can set default values for action ("Deny" or they create. Now user can set default values for action ("Deny" or


@ -257,17 +257,21 @@ bool RoutingCompiler::singleAdressInRGtw::processNext()
} }
// recursive network validity check // recursive network validity check
bool RoutingCompiler::validateNetwork::checkValidNetwork(FWObject *o) { bool RoutingCompiler::validateNetwork::checkValidNetwork(FWObject *o)
{
if( Network::cast(o) != NULL) { if( Network::cast(o) != NULL)
{
return ((Network *)o)->isValidRoutingNet(); return ((Network *)o)->isValidRoutingNet();
} }
/* if we have a group containing networks and groups, we want to check them too */ /* if we have a group containing networks and groups, we want to check them too */
if( ObjectGroup::cast(o) != NULL) { if( ObjectGroup::cast(o) != NULL)
{
FWObjectTypedChildIterator child_i = o->findByType(FWObjectReference::TYPENAME); FWObjectTypedChildIterator child_i =
for ( ; child_i != child_i.end(); ++child_i) { o->findByType(FWObjectReference::TYPENAME);
for ( ; child_i != child_i.end(); ++child_i)
{
FWObjectReference *child_r = FWObjectReference::cast(*child_i); FWObjectReference *child_r = FWObjectReference::cast(*child_i);
assert(child_r); assert(child_r);
FWObject *child = child_r->getPointer(); FWObject *child = child_r->getPointer();
@ -276,12 +280,16 @@ bool RoutingCompiler::validateNetwork::checkValidNetwork(FWObject *o) {
ObjectGroup *group; ObjectGroup *group;
// Network // Network
if ((network=Network::cast(child)) != NULL) { if ((network=Network::cast(child)) != NULL)
if (checkValidNetwork(network) == false) { {
if (checkValidNetwork(network) == false)
{
return false; return false;
} }
} else if ((group=ObjectGroup::cast(child)) != NULL) { // Group } else if ((group=ObjectGroup::cast(child)) != NULL)
if (checkValidNetwork(group) == false) { { // Group
if (checkValidNetwork(group) == false)
{
return false; return false;
} }
} }
@ -301,8 +309,17 @@ bool RoutingCompiler::validateNetwork::processNext()
RuleElementRDst *dstrel=rule->getRDst(); RuleElementRDst *dstrel=rule->getRDst();
FWObject *o = FWReference::cast(dstrel->front())->getPointer(); FWObject *o = FWReference::cast(dstrel->front())->getPointer();
if( checkValidNetwork(o) == false) { // currently we do not support run-time DNSName and AddressTable objects
// in routing rules.
MultiAddress *ma = MultiAddress::cast(o);
if (ma && ma->isRunTime())
{
compiler->abort(rule, "Use of dynamic run-time objects "
"as destination in routing rules is not supported.");
}
if( checkValidNetwork(o) == false)
{
string msg; string msg;
msg = "Object \"" + o->getName() + msg = "Object \"" + o->getName() +
"\" used as destination in the routing rule " + "\" used as destination in the routing rule " +
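Review bot: The new run-time object guard in validateNetwork::processNext only works if `compiler->abort(rule, ...)` never returns, and nothing in this hunk shows that it cannot. If abort can return (for example in a test or single-rule compile mode), control falls through to `checkValidNetwork(o)` with the same run-time DNSName or AddressTable object, and a second error is built for the same rule. An explicit return right after the abort call, inside the `if (ma && ma->isRunTime())` block, would make the guard self-contained; `return true;` is probably the right value, but confirm it against the rest of the function. Separately, the context line `FWReference::cast(dstrel->front())->getPointer()` dereferences the cast result with no null check, so an empty or non-reference destination element would fault before this guard is reached. processNext starts and ends outside the hunk.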