Bug #5451
Invalid ruleset generated with some AVPair-defined ACLs
0%
Description
as discussed here:
https://forum.pfsense.org/index.php?topic=102009.0
an invalid ruleset can be generated for AVPair.
Associated revisions
Ticket #5451 for RELENG_2_2
Actually this can be fixed by adding just a space after "from any".
The code here builds up $tmprule and each time it adds a new clause it puts a space at the end, ready for if there is another clause to come. The "from any" here was the only offender in this scheme.
It seems good to me to still backport little easy fixes to RELENG_2_2. That way production users can get them easily if they like (with system patches or...).
Alternate way to correct rules for ticket #5451
The code here build up each clause in $tmprule and always adds a space at the end of the clause, in case there is another clause to come. The only place that did not do this was "from any" at line 131. Fixing that should fix the issue and keep it all consistent. There should be no need to add a space before all of the "to..." clauses.
Actually the first fix by @cbuechler https://github.com/pfsense/pfsense/commit/8e81f6a88180c5c9a280d78fd77788f7160b0d1a will work fine, but IMHO this is a little cleaner and will be easier for future maintainers to understand.
History
#1
Updated by Chris Buechler about 5 years ago
Updated by - Status changed from New to Feedback
- Assignee set to Chris Buechler
missing space part's good
#2
Updated by Jim Thompson almost 5 years ago
Updated by bump (3 months, fix it or close it.)
#3
Updated by Phillip Davis almost 5 years ago
Updated by I believe this is fixed in both 2.2.x and 2.3, and can be marked Resolved.
#4
Updated by Renato Botelho almost 5 years ago
Updated by - Status changed from Feedback to Resolved
Correct AVPair rules. Ticket #5451