Project

General

Profile

Bug #3268

Load balancer needs input validation to prohibit reserved table names

Added by Chris Buechler over 7 years ago. Updated over 7 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Load Balancer
Target version:
Start date:
10/15/2013
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
All
Affected Architecture:

Description

Reserved table names aren't prohibited from being entered as a table name in load_balancer_pool_edit.php. At least <ssl> is prohibited, and can find others from our alias code input validation I believe. Using "ssl" as the name results in a relayd syntax error, and I'm sure similar for other reserved keywords, just don't have time for in depth testing at the moment.

Associated revisions

Revision c48fdaa4 (diff)
Added by Renato Botelho over 7 years ago

Fix #3268 - avoid pf table names conflict:

. Create a list of reserved table names for the hardcoded ones
. Use this list to validate aliases and load balance pool names
. Check if alias names don't conflict with LB pool names and vice-versa

Revision 78b0e51e (diff)
Added by Renato Botelho over 7 years ago

Fix #3268 - avoid pf table names conflict:

. Create a list of reserved table names for the hardcoded ones
. Use this list to validate aliases and load balance pool names
. Check if alias names don't conflict with LB pool names and vice-versa

History

#1 Updated by Renato Botelho over 7 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

#3 Updated by Chris Buechler over 7 years ago

  • Status changed from Feedback to Resolved

Also available in: Atom PDF