fixes SF bug #3414382 "Segfault in fwb_ipt dealing with empty

groups". Compiler for iptables used to crash when an empty group was used in the "Interface" column of a policy rule.
2026-03-25 04:37:22 +01:00 · 2011-09-29 13:46:41 -07:00 · 2011-09-29 13:46:41 -07:00 · f1153c4dc6
commit f1153c4dc6
parent 892f863523
5 changed files with 28 additions and 3 deletions
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@ -1,3 +1,10 @@
+2011-09-29  Vadim Kurland  <vadim@netcitadel.com>
+
+	* PolicyCompiler_ipt.cpp (compile): fixes SF bug #3414382
+	"Segfault in fwb_ipt dealing with empty groups". Compiler for
+	iptables used to crash when an empty group was used in the
+	"Interface" column of a policy rule.
+
 2011-09-24  Vadim Kurland  <vadim@netcitadel.com>

 	* NamedObjectsAndGroupsSupport.cpp (CreateObjectGroups::processNext):
--- a/src/iptlib/PolicyCompiler_ipt.cpp
+++ b/src/iptlib/PolicyCompiler_ipt.cpp
@ -4390,6 +4390,7 @@ void PolicyCompiler_ipt::compile()

    add( new Logging1("check global logging override option"));

+    add( new emptyGroupsInItf("check for empty groups in Itf"));
    add( new expandGroupsInItf("expand groups in Interface" ));
    add( new replaceClusterInterfaceInItf(
             "replace cluster interfaces with member interfaces in the Interface rule element"));
--- a/src/libfwbuilder/src/fwcompiler/PolicyCompiler.h
+++ b/src/libfwbuilder/src/fwcompiler/PolicyCompiler.h
@ -381,6 +381,17 @@ namespace fwcompiler {
                emptyGroupsInRE(n,libfwbuilder::RuleElementSrv::TYPENAME) {}
        };

+        /**
+         *  deals with empty groups in Itf. See description for
+         *  Compiler::emptyGroupsInRE
+         */
+        class emptyGroupsInItf : public Compiler::emptyGroupsInRE
+        {
+            public:
+            emptyGroupsInItf(const std::string &n) :
+                emptyGroupsInRE(n,libfwbuilder::RuleElementItf::TYPENAME) {}
+        };
+

 	/**
 	 * checks for host and network objects with address 0.0.0.0
--- a/src/res/help/en_US/release_notes_5.0.1.html
+++ b/src/res/help/en_US/release_notes_5.0.1.html
@ -219,7 +219,13 @@
    </p>
  </li>

-
+  <li>
+    <p>
+      fixes SF bug #3414382 "Segfault in fwb_ipt dealing with empty
+      groups". Compiler for iptables used to crash when an empty group
+      was used in the "Interface" column of a policy rule.
+    </p>
+  </li>
 </ul>


--- a/test/ipt/rc.firewall.local
+++ b/test/ipt/rc.firewall.local
@ -2,9 +2,9 @@
 #
 #  This is automatically generated file. DO NOT MODIFY !
 #
-#  Firewall Builder  fwb_ipt v5.0.1.3575
+#  Firewall Builder  fwb_ipt v5.0.1.3580
 #
-#  Generated Thu Aug 25 13:48:52 2011 PDT by vadim
+#  Generated Thu Sep 29 13:42:59 2011 PDT by vadim
 #
 # files: * rc.firewall.local /etc/rc.d//rc.firewall.local
 #