From 03abd03326370e9b900bc0927452ae1bee841e80 Mon Sep 17 00:00:00 2001
From: Gaurav Sinha
Date: Tue, 15 Nov 2011 11:39:40 -0800
Subject: Bug 7411: improving validations for IPv4 address / port combinations for conntrack
---
 scripts/vyatta-delete-conntrack.pl | 28 ++++++++++++++++++++++++++--
 scripts/vyatta-show-conntrack.pl | 26 ++++++++++++++++++++++++--
 2 files changed, 50 insertions(+), 4 deletions(-)
diff --git a/scripts/vyatta-delete-conntrack.pl b/scripts/vyatta-delete-conntrack.pl
index 516635f..a465c11 100755
--- a/scripts/vyatta-delete-conntrack.pl
+++ b/scripts/vyatta-delete-conntrack.pl
@@ -147,9 +147,21 @@ if ($family eq "ipv4") {
 my @address = split(/:/, $sourceIP);
 $sourceIP = $address[0];
 $sourcePort = $address[1];
+
+ #Validate the entered IP and port
 my( $success, $err ) = isValidPortNumber($sourcePort);
+ if (!(isIpAddress($sourceIP))and !($sourceIP eq "0.0.0.0")) {
+ if(!defined($success)) {
+ #both IP and port are invalid
+ die "Please enter a valid source IPv4 address and port \n";
+ } else {
+ #only IP is invalid
+ die "Please enter a valid source IPv4 address\n";
+ }
+ }
 if(!defined($success)) {
- die "Please enter a valid source port number\n";
+ #port is invalid
+ die "Please enter a valid source port \n";
 }
 $command .= " --orig-port-src $sourcePort";
 }
@@ -158,9 +170,21 @@ if ($family eq "ipv4") {
 my @address = split(/:/, $destIP);
 $destIP = $address[0];
 $destPort = $address[1];
+
+ #Validate the entered IP and port
 my( $success, $err ) = isValidPortNumber($destPort);
+ if (!(isIpAddress($destIP))and !($destIP eq "0.0.0.0")) {
+ if(!defined($success)) {
+ #both IP and port are invalid
+ die "Please enter a valid destination IPv4 address and port \n";
+ } else {
+ #only IP is invalid
+ die "Please enter a valid destination IPv4 address\n";
+ }
+ }
 if(!defined($success)) {
- die "Please enter a valid destination port number\n";
+ #port is invalid
+ die "Please enter a valid destination port \n";
 }
 $command .= " --orig-port-dst $destPort";
 }
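Review bot: The number of fields returned by `split(/:/, $sourceIP)` is never checked in the source-address hunk of vyatta-delete-conntrack.pl (`@@ -147,9 +147,21 @@`), so only `$address[0]` and `$address[1]` are validated: anything after a second colon is silently discarded, and an input with nothing after the colon hands an undefined value to `isValidPortNumber`. Since the commit is about tightening address/port validation, I would reject such input up front with `die "Please enter a valid source IPv4 address and port \n" if @address != 2;` right after the split. The same applies to the destination hunk in this file and to both hunks in vyatta-show-conntrack.pl. The enclosing `if` starts outside the hunk, so the condition that selects this branch is not visible here.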
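Review bot: The destination-address hunk of vyatta-delete-conntrack.pl (`@@ -158,9 +170,21 @@`) repeats the source-address block line for line with only the variable names and one word of the message changed, and the same block is pasted twice more into vyatta-show-conntrack.pl. Hand-maintained copies of an input check tend to drift, which is how one code path ends up validated less strictly than another; a single helper taking the value and the word "source" or "destination" would keep all four identical. Where the helper should live is not visible on this page (presumably next to `isIpAddress`), and the block it replaces sits inside an `if` that starts outside the hunk. The sketch below keeps the current checks and messages unchanged.

```perl
# Split "ADDR:PORT", validate both parts, and die with a message naming $side.
sub split_ipv4_port {
    my ($value, $side) = @_;
    my ($ip, $port) = split(/:/, $value);
    my $ip_ok = isIpAddress($ip) || $ip eq "0.0.0.0";
    my ($port_ok) = isValidPortNumber($port);
    die "Please enter a valid $side IPv4 address and port \n"
        if !$ip_ok && !defined($port_ok);
    die "Please enter a valid $side IPv4 address\n" if !$ip_ok;
    die "Please enter a valid $side port \n" if !defined($port_ok);
    return ($ip, $port);
}

# ... unchanged: enclosing if block that selects the ADDR:PORT form ...
($destIP, $destPort) = split_ipv4_port($destIP, "destination");
$command .= " --orig-port-dst $destPort";
```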
diff --git a/scripts/vyatta-show-conntrack.pl b/scripts/vyatta-show-conntrack.pl
index 6a461f8..7dfa196 100755
--- a/scripts/vyatta-show-conntrack.pl
+++ b/scripts/vyatta-show-conntrack.pl
@@ -157,9 +157,21 @@ if ($family eq "ipv4") {
 my @address = split(/:/, $sourceIP);
 $sourceIP = $address[0];
 $sourcePort = $address[1];
+
+ # Check if IP address is a valid IPv4 address
 my( $success, $err ) = isValidPortNumber($sourcePort);
+ if (!(isIpAddress($sourceIP))and !($sourceIP eq "0.0.0.0")) {
+ if(!defined($success)) {
+ #both IP and port are invalid
+ die "Please enter a valid source IPv4 address and port \n";
+ } else {
+ #only IP is invalid
+ die "Please enter a valid source IPv4 address\n";
+ }
+ }
 if(!defined($success)) {
- die "Please enter a valid source port number\n";
+ #port is invalid
+ die "Please enter a valid source port \n";
 }
 $command .= " --orig-port-src $sourcePort";
 }
@@ -169,8 +181,18 @@ if ($family eq "ipv4") {
 $destIP = $address[0];
 $destPort = $address[1];
 my( $success, $err ) = isValidPortNumber($destPort);
+ if (!(isIpAddress($destIP))and !($destIP eq "0.0.0.0")) {
+ if(!defined($success)) {
+ #both IP and port are invalid
+ die "Please enter a valid destination IPv4 address and port \n";
+ } else {
+ #only IP is invalid
+ die "Please enter a valid destination IPv4 address\n";
+ }
+ }
 if(!defined($success)) {
- die "Please enter a valid destination port number\n";
+ #port is invalid
+ die "Please enter a valid destination port \n";
 }
 $command .= " --orig-port-dst $destPort";
 }
-- 
cgit v1.2.3
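Review bot: The added comment `# Check if IP address is a valid IPv4 address` in the source-address hunk of vyatta-show-conntrack.pl (`@@ -157,9 +157,21 @@`) sits directly above the `isValidPortNumber($sourcePort)` call, so it describes the wrong statement, and it differs from the wording used for the identical block in vyatta-delete-conntrack.pl. I would use `# Validate the entered IP and port` here as well, and add the same line to the destination hunk of this file, which has no comment at all. The new port messages also carry a stray space before the newline (`"Please enter a valid source port \n"`); `"Please enter a valid source port\n"` reads cleaner, assuming nothing matches on the exact text.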
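Review bot: Nothing in the destination-address hunk of vyatta-show-conntrack.pl (`@@ -169,8 +181,18 @@`) records that these checks are what keeps operator input out of the command string: `$destPort` is concatenated into `$command` by `$command .= " --orig-port-dst $destPort";`, and how `$command` is later executed is outside the hunk. If it is run through a shell, `isIpAddress` and `isValidPortNumber` have to match the whole value rather than a prefix; their definitions are not on this page, so that is worth confirming before relying on them. I would add a comment above the checks such as `# $destPort is interpolated into $command below; the validators must accept only a complete address and an all-digit port`, and the same in the other three hunks.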