Project

General

Profile

Bug #5451

Invalid ruleset generated with some AVPair-defined ACLs

Added by Chris Buechler over 3 years ago. Updated about 3 years ago.

Status:
Resolved
Priority:
Normal
Category:
Rules/NAT
Target version:
Start date:
11/15/2015
Due date:
% Done:

0%

Estimated time:
Affected Version:
All
Affected Architecture:

Description

as discussed here:
https://forum.pfsense.org/index.php?topic=102009.0

an invalid ruleset can be generated for AVPair.

Associated revisions

Revision 8e81f6a8 (diff)
Added by Chris Buechler over 3 years ago

Correct AVPair rules. Ticket #5451

Revision f2220c68 (diff)
Added by Phillip Davis over 3 years ago

Ticket #5451 for RELENG_2_2

Actually this can be fixed by adding just a space after "from any".
The code here builds up $tmprule and each time it adds a new clause it puts a space at the end, ready for if there is another clause to come. The "from any" here was the only offender in this scheme.
It seems good to me to still backport little easy fixes to RELENG_2_2. That way production users can get them easily if they like (with system patches or...).

Revision b0ccc67b (diff)
Added by Phillip Davis over 3 years ago

Alternate way to correct rules for ticket #5451

The code here build up each clause in $tmprule and always adds a space at the end of the clause, in case there is another clause to come. The only place that did not do this was "from any" at line 131. Fixing that should fix the issue and keep it all consistent. There should be no need to add a space before all of the "to..." clauses.
Actually the first fix by @cbuechler https://github.com/pfsense/pfsense/commit/8e81f6a88180c5c9a280d78fd77788f7160b0d1a will work fine, but IMHO this is a little cleaner and will be easier for future maintainers to understand.

History

#1 Updated by Chris Buechler over 3 years ago

  • Status changed from New to Feedback
  • Assignee set to Chris Buechler

missing space part's good

#2 Updated by Jim Thompson over 3 years ago

bump (3 months, fix it or close it.)

#3 Updated by Phillip Davis over 3 years ago

I believe this is fixed in both 2.2.x and 2.3, and can be marked Resolved.

#4 Updated by Renato Botelho about 3 years ago

  • Status changed from Feedback to Resolved

Also available in: Atom PDF