author | Stig Thormodsrud <stig@io.vyatta.com> | 2009-02-10 16:30:32 -0800 |
---|---|---|
committer | Stig Thormodsrud <stig@io.vyatta.com> | 2009-02-10 16:30:32 -0800 |
commit | 586f847fd9c6fb94fd794029e90351b4ff6f7e05 (patch) | |
tree | ce0f8140b052fd64d599327dc6c59576ab7e5061 /lib/Vyatta/IpTables/IpSet.pm | |
parent | 9887700a0bcc22d646090ad263bff6b0895fb77c (diff) | |
Add more validation of firewall network-group before calling ipset.
Diffstat (limited to 'lib/Vyatta/IpTables/IpSet.pm')
-rwxr-xr-x | lib/Vyatta/IpTables/IpSet.pm | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/lib/Vyatta/IpTables/IpSet.pm b/lib/Vyatta/IpTables/IpSet.pm
index 80e20bb..f6452d9 100755
--- a/lib/Vyatta/IpTables/IpSet.pm
+++ b/lib/Vyatta/IpTables/IpSet.pm
@@ -165,12 +165,11 @@ sub check_member {
 return "Error: [$member] isn't valid IPv4 network\n";
 }
 if ($member =~ /([\d.]+)\/(\d+)/) {
- my $net = $1;
- my $cidr = $2;
+ my ($net, $mask) = ($1, $2);
 return "Error: zero net invalid in network-group\n"
 if $net eq '0.0.0.0';
- return "Error: zero cidr invalid in network-group\n"
- if $cidr eq '0';
+ return "Error: invalid mask [$mask] - must be between 1-31\n"
+ if $mask < 1 or $mask > 31;
 } else {
 return "Error: Invalid network group [$member]\n";
 } |
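Review bot: The pattern on the context line `if ($member =~ /([\d.]+)\/(\d+)/) {` is unanchored, so the new 1-31 range check validates only whichever `digits/digits` substring matched, not the whole member string that is later handed to ipset. Unless the earlier IPv4-network check (outside this hunk) already rejects surrounding characters, anchor it: `if ($member =~ m{\A([\d.]+)/(\d+)\z}) {`. The `$net eq '0.0.0.0'` test is likewise a plain string comparison, so a zero network written with leading zeros would also depend on that earlier check. check_member starts and ends outside the hunk, so both points may already be covered there.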