From patchwork Thu Apr 20 16:05:36 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Pierre Lebleu X-Patchwork-Id: 752870 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from bombadil.infradead.org (bombadil.infradead.org [65.50.211.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3w83dh65YYz9s4s for ; Fri, 21 Apr 2017 02:06:32 +1000 (AEST) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="jx6GyT3E"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="c++EQtZT"; dkim-atps=neutral DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:Subject:Message-Id: Date:To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=ZdRnDOOFx7svrMSGhnYAP3c5XJFgDoOBvKUTAWn2kxk=; b=jx6GyT3ElBfZKU JVG3SOfaMTBFgpQyfgQFEmWMHtxSFrdiPuUkooIkRM46EootDShsNv1pxSJDwrpFYjEpQnnhG+vMB buLlQQgxLF6m+wPhnpGQ1pwRI8rO+Q11zcyHXRkpSDEUG+Gnh6WisUSH5+YTII8qnmdAAhnJkJvPb Jb361wDZYlu+vo6UmvKGae2fqUjC+VvS1CD4rbe0nnV85dxgPcQLUrMkUQCH7vFM6Yt59I0Mtjxhi xHBuGckgc7goGN2Krnq6y+2SDgnNT1QKtyelmb3AgzvugKtM4UDMmig+ePVnSkZw0R6Tt2j7tA0ts +scJ52I9XX3DyCRH1MPg==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.87 #1 (Red Hat Linux)) id 1d1Eb9-0006cI-RC; Thu, 20 Apr 2017 16:06:23 +0000 Received: from mail-io0-x241.google.com ([2607:f8b0:4001:c06::241]) by bombadil.infradead.org with esmtps (Exim 4.87 #1 (Red Hat Linux)) id 1d1Eax-0006V8-1z for lede-dev@lists.infradead.org; Thu, 20 Apr 2017 16:06:12 +0000 Received: by mail-io0-x241.google.com with SMTP id k87so17801134ioi.0 for ; Thu, 20 Apr 2017 09:05:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=lR3LLuXr4zhdPQuUO2/0bQ05U7VJJP77h8/YPSt5Yoo=; b=c++EQtZTFNY7/qYL6ZE8yQlIksQTm0+3yj6juW2dEgeVilERIMP3CKl/x65PjU8kyN /c+x87Tik1qZEgE1wM8IJ8ibmzpZwUGU34989//mnKA3zcmbej0y351bhhCw7a28WIPu RJdP6O7oLiwSkVpQP6sekbqHlBLksgJi+SySuM/Np0uHh1s74aW/LJC7h6L5no/RpcRz 1EGFIc0QQblN17wXOmWa8f0V89WuXItlMUm5p/rCcfAdBn94/N5R/a7CR0abbTnhAw8I g/ElFfnlO4zrxiYxkmBeC1PNZzswUIL3APZoms7paXLDf0froQIgx0AdiZfQm9ETo0n6 e3Ug== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=lR3LLuXr4zhdPQuUO2/0bQ05U7VJJP77h8/YPSt5Yoo=; b=iIZD7+rCXm0WzCpOgJ/7XUQDCycejZHct20BRfWN2bnYj7OrhBMfHx5yQ0JbkZ2Yx8 RPAjg9qw0ucfyRhxkIMrqi9mR6AVSiPRQeMVxOUD+RQrZhM4OJD+DQZ/xrTzjm8XtFrS iF4Km8xTgK6jiJ3J+ceUzvSRFjPkxD7tB3hwQN1eOZTxtiTkgK+DP9d/Q/y8HHLIbcJ2 fxPQIaoRr1Bfk9G62qDzsqUf0EndTZuh22OOPaPXilgx3vc+179Y9jNDPNppy29+Jes/ /+N+73o3n6jdXNPZ/Q/ia/dzFjq7Qu4vBIq9TRRxuLehyNJy1ia4xYwlZePLLlHihEDi wXqw== X-Gm-Message-State: AN3rC/5hI0JYmi7cpuHea957550i+u7LvSfms5TCQO1G2x8jLS5JOxuf 7l9gs+yktt4kMQ== X-Received: by 10.36.115.146 with SMTP id y140mr4696940itb.21.1492704349410; Thu, 20 Apr 2017 09:05:49 -0700 (PDT) Received: from smtp.gmail.com (14.125.146.82.ipv4.evonet.be. [82.146.125.14]) by smtp.gmail.com with ESMTPSA id u191sm7931652ita.15.2017.04.20.09.05.47 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 20 Apr 2017 09:05:48 -0700 (PDT) From: Pierre Lebleu To: lede-dev@lists.infradead.org Date: Thu, 20 Apr 2017 18:05:36 +0200 Message-Id: <1492704342-24042-1-git-send-email-pme.lebleu@gmail.com> X-Mailer: git-send-email 1.7.9.5 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20170420_090611_145106_FFD6A299 X-CRM114-Status: UNSURE ( 7.68 ) X-CRM114-Notice: Please train this message. X-Spam-Score: -2.7 (--) X-Spam-Report: SpamAssassin version 3.4.1 on bombadil.infradead.org summary: Content analysis details: (-2.7 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low trust [2607:f8b0:4001:c06:0:0:0:241 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (pme.lebleu[at]gmail.com) -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature Subject: [LEDE-DEV] [PATCH 1/7] firewall3: check the return value of fw3_parse_options() X-BeenThere: lede-dev@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Pierre Lebleu , jow@mein.io MIME-Version: 1.0 Sender: "Lede-dev" Errors-To: lede-dev-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org The return value of fw3_parse_options() should be checked and when it fails the section should be skipped. Signed-off-by: Pierre Lebleu --- defaults.c | 6 +++++- forwards.c | 7 ++++++- includes.c | 7 ++++++- ipsets.c | 7 ++++++- zones.c | 7 ++++++- 5 files changed, 29 insertions(+), 5 deletions(-) diff --git a/defaults.c b/defaults.c index 8afbf9a..37e6e0f 100644 --- a/defaults.c +++ b/defaults.c @@ -107,7 +107,11 @@ fw3_load_defaults(struct fw3_state *state, struct uci_package *p) continue; } - fw3_parse_options(&state->defaults, fw3_flag_opts, s); + if(!fw3_parse_options(&state->defaults, fw3_flag_opts, s)) + { + warn_elem(e, "skipped due to invalid options"); + continue; + } check_policy(e, &defs->policy_input, "input"); check_policy(e, &defs->policy_output, "output"); diff --git a/forwards.c b/forwards.c index 997c307..cf0c3a8 100644 --- a/forwards.c +++ b/forwards.c @@ -54,7 +54,12 @@ fw3_load_forwards(struct fw3_state *state, struct uci_package *p) forward->enabled = true; - fw3_parse_options(forward, fw3_forward_opts, s); + if (!fw3_parse_options(forward, fw3_forward_opts, s)) + { + warn_elem(e, "skipped due to invalid options"); + fw3_free_forward(forward); + continue; + } if (!forward->enabled) { diff --git a/includes.c b/includes.c index a9a75cb..7ca164f 100644 --- a/includes.c +++ b/includes.c @@ -54,7 +54,12 @@ fw3_load_includes(struct fw3_state *state, struct uci_package *p) include->name = e->name; include->enabled = true; - fw3_parse_options(include, fw3_include_opts, s); + if (!fw3_parse_options(include, fw3_include_opts, s)) + { + warn_elem(e, "skipped due to invalid options"); + fw3_free_include(include); + continue; + } if (!include->enabled) { diff --git a/ipsets.c b/ipsets.c index 0325944..3b1ba00 100644 --- a/ipsets.c +++ b/ipsets.c @@ -239,7 +239,12 @@ fw3_load_ipsets(struct fw3_state *state, struct uci_package *p) if (!ipset) continue; - fw3_parse_options(ipset, fw3_ipset_opts, s); + if (!fw3_parse_options(ipset, fw3_ipset_opts, s)) + { + warn_elem(e, "skipped due to invalid options"); + fw3_free_ipset(ipset); + continue; + } if (ipset->external) { diff --git a/zones.c b/zones.c index 520d00c..1b47e15 100644 --- a/zones.c +++ b/zones.c @@ -170,7 +170,12 @@ fw3_load_zones(struct fw3_state *state, struct uci_package *p) if (!zone) continue; - fw3_parse_options(zone, fw3_zone_opts, s); + if (!fw3_parse_options(zone, fw3_zone_opts, s)) + { + warn_elem(e, "skipped due to invalid options"); + fw3_free_zone(zone); + continue; + } if (!zone->enabled) {