Bug #3268
Load balancer needs input validation to prohibit reserved table names
Start date:
10/15/2013
Due date:
% Done:
100%
Estimated time:
Affected Version:
All
Affected Architecture:
Description
Reserved table names aren't prohibited from being entered as a table name in load_balancer_pool_edit.php. At least <ssl> is prohibited, and can find others from our alias code input validation I believe. Using "ssl" as the name results in a relayd syntax error, and I'm sure similar for other reserved keywords, just don't have time for in depth testing at the moment.
Associated revisions
Fix #3268 - avoid pf table names conflict:
. Create a list of reserved table names for the hardcoded ones
. Use this list to validate aliases and load balance pool names
. Check if alias names don't conflict with LB pool names and vice-versa
History
#1
Updated by Renato Botelho over 7 years ago
Updated by - Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset c48fdaa40effe9edc8bb4fb933e124a93cb24a0d.
#2
Updated by Renato Botelho over 7 years ago
Applied in changeset 78b0e51e9a135804bfea307ea30c25fe16473da1.
#3
Updated by Chris Buechler about 7 years ago
Updated by - Status changed from Feedback to Resolved
Fix #3268 - avoid pf table names conflict:
. Create a list of reserved table names for the hardcoded ones
. Use this list to validate aliases and load balance pool names
. Check if alias names don't conflict with LB pool names and vice-versa