From patchwork Tue Mar 28 13:56:46 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Pierre Lebleu <pme.lebleu@gmail.com>
X-Patchwork-Id: 744285
X-Patchwork-Delegate: jow@openwrt.org
Return-Path: 
 <lede-dev-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from bombadil.infradead.org (bombadil.infradead.org
	[65.50.211.133])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 3vsst10JJxz9s7K
	for <incoming@patchwork.ozlabs.org>;
	Wed, 29 Mar 2017 00:58:01 +1100 (AEDT)
Authentication-Results: ozlabs.org; dkim=pass (2048-bit key;
	unprotected) header.d=lists.infradead.org
	header.i=@lists.infradead.org header.b="WzVTnH29";
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com
	header.b="s/J7MDSW"; dkim-atps=neutral
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20170209; h=Sender:
	Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe:
	List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:Subject:Message-Id:
	Date:To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:
	Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:
	List-Owner; bh=ZdRnDOOFx7svrMSGhnYAP3c5XJFgDoOBvKUTAWn2kxk=;
	b=WzVTnH29mYe9GB
	GzvAJmh9f1aNmgDAi83ENmtgILQTEuNO6mbngBZ11O67iOwO9hv456EX2u7o+k9pFM9UJJ1szL7mT
	9/yb3inmalUHIFPQilFznYmIX6k6zIN/bc4lB9yCSkepfilxVo3FFwLDFIgYYxcIYwAc6VJ8ucMLS
	KnItu9qnrdEn1o+JH6KdHXQgsgCTDAwwI4jOJ5Slbn1RDLP7EA6ZDAv2Zvpsp7oxIU1RajuMQbl6u
	GdbtGAgDxMjNIq6TPhHjNCLBkQuYNsMQKZKgl1uiwu3yiDXBZOEExoB1RhZzZhnjDq5vib1e+tkjT
	C/P5eIC/tRWure6dZ09Q==;
Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.87 #1 (Red Hat Linux))
	id 1csrd7-00080U-9Y; Tue, 28 Mar 2017 13:57:49 +0000
Received: from mail-wr0-x243.google.com ([2a00:1450:400c:c0c::243])
	by bombadil.infradead.org with esmtps (Exim 4.87 #1 (Red Hat Linux))
	id 1csrci-0007yg-7q
	for lede-dev@lists.infradead.org; Tue, 28 Mar 2017 13:57:25 +0000
Received: by mail-wr0-x243.google.com with SMTP id w43so20143194wrb.1
	for <lede-dev@lists.infradead.org>;
	Tue, 28 Mar 2017 06:57:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
	h=from:to:cc:subject:date:message-id;
	bh=lR3LLuXr4zhdPQuUO2/0bQ05U7VJJP77h8/YPSt5Yoo=;
	b=s/J7MDSWGWIEJTOveho+l1sqQQLDlR7h61RFDaPYD3YdEwBTzOf1+OKCESKOBvy30Z
	doF0kd6leVch3GlYaOEGR+4lbEVoEilFuqrpQz0m1//kIGQ/Hlc0RzvxDlHgGta41stm
	HLFyMfn2k8POSqnOuIxrnYWuCprWg9w4nB7n9N3kyi+OhJ3BN5wIqniESJ/EKHjN6PuJ
	5HWhSJPYPEeLJIXS83r3cC1NE8OqcEZN99Z2mEt+/zH3kplEMmvKxbx2goMExiIgN7ZI
	q9yS6rnydG1xekAbQAeaUTEYpHE3Fzo4S1fIC2OqaydAhc83E6P/zTizKff9ou8cz9n1
	nETw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id;
	bh=lR3LLuXr4zhdPQuUO2/0bQ05U7VJJP77h8/YPSt5Yoo=;
	b=OqWa6q6o0cMpcFIdHhduWjHnLGVpZpBYsKDFLg3xYU73+o6OHCUFJf0AdnKFBysSN+
	rlCQr7DKn5YHtuQsJFW7YjkdYo9IJ4hgIeAGK4vqV/IqLmy5/7FZivGU0qkua9racylO
	aogRh74O2dVsooASQZfbKDrSB5ikDY14A70HoWKidGIgyWV6SrvawrkKMrDLb3dJDVD9
	0yxT/P3ZtcBhuTY0RnotW6norVMvrBW+Bg3cP+dfiLLbtuvtUIRhttaAJdD3bzx2BrkE
	4vvPYEoUIYLgXjOC0ilbEFHXJd1oMW44iYkz1GPO+c+nH3U5ZfsnrSMnbCVFDTwxBrBi
	9epQ==
X-Gm-Message-State: 
 AFeK/H0IA8ZcDTykKgKKkbH5pI0+5VwR1bDupPsstcVtsYDrDE8z5SRXVA9lvIj1BqJtGQ==
X-Received: by 10.223.142.23 with SMTP id n23mr24169862wrb.145.1490709421750;
	Tue, 28 Mar 2017 06:57:01 -0700 (PDT)
Received: from cplx1045.edegem.eu.thmulti.com (14.125.146.82.ipv4.evonet.be.
	[82.146.125.14]) by smtp.gmail.com with ESMTPSA id
	l141sm3731973wma.32.2017.03.28.06.56.59
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Tue, 28 Mar 2017 06:56:59 -0700 (PDT)
From: Pierre Lebleu <pme.lebleu@gmail.com>
To: lede-dev@lists.infradead.org
Date: Tue, 28 Mar 2017 15:56:46 +0200
Message-Id: <1490709406-3455-1-git-send-email-pme.lebleu@gmail.com>
X-Mailer: git-send-email 1.7.9.5
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20170328_065724_438653_FAA15D49 
X-CRM114-Status: UNSURE (   8.20  )
X-CRM114-Notice: Please train this message.
X-Spam-Score: -2.0 (--)
X-Spam-Report: SpamAssassin version 3.4.1 on bombadil.infradead.org summary:
	Content analysis details:   (-2.0 points)
	pts rule name              description
	---- ----------------------
	--------------------------------------------------
	-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/,
	no
	trust [2a00:1450:400c:c0c:0:0:0:243 listed in] [list.dnswl.org]
	-0.0 SPF_PASS               SPF: sender matches SPF record
	0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
	provider (pme.lebleu[at]gmail.com)
	-1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
	[score: 0.0000]
	-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
	author's domain
	0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
	not necessarily valid
	-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
Subject: [LEDE-DEV] [PATCH] firewall3: check the return value of
	fw3_parse_options()
X-BeenThere: lede-dev@lists.infradead.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <lede-dev.lists.infradead.org>
List-Unsubscribe: <http://lists.infradead.org/mailman/options/lede-dev>,
	<mailto:lede-dev-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/lede-dev/>
List-Post: <mailto:lede-dev@lists.infradead.org>
List-Help: <mailto:lede-dev-request@lists.infradead.org?subject=help>
List-Subscribe: <http://lists.infradead.org/mailman/listinfo/lede-dev>,
	<mailto:lede-dev-request@lists.infradead.org?subject=subscribe>
Cc: Pierre Lebleu <pme.lebleu@gmail.com>
MIME-Version: 1.0
Sender: "Lede-dev" <lede-dev-bounces@lists.infradead.org>
Errors-To: lede-dev-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org

The return value of fw3_parse_options() should be checked and
when it fails the section should be skipped.

Signed-off-by: Pierre Lebleu <pme.lebleu@gmail.com>
---
 defaults.c |    6 +++++-
 forwards.c |    7 ++++++-
 includes.c |    7 ++++++-
 ipsets.c   |    7 ++++++-
 zones.c    |    7 ++++++-
 5 files changed, 29 insertions(+), 5 deletions(-)

diff --git a/defaults.c b/defaults.c
index 8afbf9a..37e6e0f 100644
--- a/defaults.c
+++ b/defaults.c
@@ -107,7 +107,11 @@ fw3_load_defaults(struct fw3_state *state, struct uci_package *p)
 			continue;
 		}
 
-		fw3_parse_options(&state->defaults, fw3_flag_opts, s);
+		if(!fw3_parse_options(&state->defaults, fw3_flag_opts, s))
+		{
+			warn_elem(e, "skipped due to invalid options");
+			continue;
+		}
 
 		check_policy(e, &defs->policy_input, "input");
 		check_policy(e, &defs->policy_output, "output");
diff --git a/forwards.c b/forwards.c
index 997c307..cf0c3a8 100644
--- a/forwards.c
+++ b/forwards.c
@@ -54,7 +54,12 @@ fw3_load_forwards(struct fw3_state *state, struct uci_package *p)
 
 		forward->enabled = true;
 
-		fw3_parse_options(forward, fw3_forward_opts, s);
+		if (!fw3_parse_options(forward, fw3_forward_opts, s))
+		{
+			warn_elem(e, "skipped due to invalid options");
+			fw3_free_forward(forward);
+			continue;
+		}
 
 		if (!forward->enabled)
 		{
diff --git a/includes.c b/includes.c
index a9a75cb..7ca164f 100644
--- a/includes.c
+++ b/includes.c
@@ -54,7 +54,12 @@ fw3_load_includes(struct fw3_state *state, struct uci_package *p)
 		include->name = e->name;
 		include->enabled = true;
 
-		fw3_parse_options(include, fw3_include_opts, s);
+		if (!fw3_parse_options(include, fw3_include_opts, s))
+		{
+			warn_elem(e, "skipped due to invalid options");
+			fw3_free_include(include);
+			continue;
+		}
 
 		if (!include->enabled)
 		{
diff --git a/ipsets.c b/ipsets.c
index 0325944..3b1ba00 100644
--- a/ipsets.c
+++ b/ipsets.c
@@ -239,7 +239,12 @@ fw3_load_ipsets(struct fw3_state *state, struct uci_package *p)
 		if (!ipset)
 			continue;
 
-		fw3_parse_options(ipset, fw3_ipset_opts, s);
+		if (!fw3_parse_options(ipset, fw3_ipset_opts, s))
+		{
+			warn_elem(e, "skipped due to invalid options");
+			fw3_free_ipset(ipset);
+			continue;
+		}
 
 		if (ipset->external)
 		{
diff --git a/zones.c b/zones.c
index 520d00c..1b47e15 100644
--- a/zones.c
+++ b/zones.c
@@ -170,7 +170,12 @@ fw3_load_zones(struct fw3_state *state, struct uci_package *p)
 		if (!zone)
 			continue;
 
-		fw3_parse_options(zone, fw3_zone_opts, s);
+		if (!fw3_parse_options(zone, fw3_zone_opts, s))
+		{
+			warn_elem(e, "skipped due to invalid options");
+			fw3_free_zone(zone);
+			continue;
+		}
 
 		if (!zone->enabled)
 		{