]> git.ipfire.org Git - thirdparty/nftables.git/commit
projects / thirdparty / nftables.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 53e5126) | patch
scanner: restrict include directive to regular files
authorFlorian Westphal <fw@strlen.de>
Thu, 14 Sep 2023 09:42:16 +0000 (11:42 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Fri, 3 Nov 2023 11:23:37 +0000 (12:23 +0100)
commit672224d14b837b7a875f22d4bed06711947c9387
tree5308e91f0649a77e0da5f3e5a96b0600a8fbd3f4tree | snapshot
parent53e5126309eed8fa3154d5424fe5cd6fd7b8c567commit | diff
scanner: restrict include directive to regular files

commit 999ca7dade519ad5757f07a9c488b326a5e7d785 upstream.

Similar to previous change, also check all

include "foo"

and reject those if they refer to named fifos, block devices etc.

Directories are still skipped, I don't think we can change this
anymore.

Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1664
Signed-off-by: Florian Westphal <fw@strlen.de>
src/scanner.l diff | blob | blame | history
tests/shell/testcases/bogons/nft-f/include-device [new file with mode: 0644] blob
Mirror of git://git.netfilter.org/nftables