From d840d02aee26d2f71b9d411b1960eb5b2423b19a Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Fri, 2 Jan 2015 12:20:50 +0100 Subject: [PATCH] firewall: Fix off-by-one error in configuration parser The configuration parser determines how many comma-separated values there are in a line. If new values are added we need to check first if those are set in every line to avoid any undefined behaviour. A wrong comparison parameter was used which caused that the limit feature was never enabled in the rule generation. --- config/firewall/rules.pl | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl index 75a9357f6..a475e2d60 100755 --- a/config/firewall/rules.pl +++ b/config/firewall/rules.pl @@ -280,7 +280,7 @@ sub buildrules { # Concurrent connection limit my @ratelimit_options = (); - if (($elements gt 34) && ($$hash{$key}[32] eq 'ON')) { + if (($elements ge 34) && ($$hash{$key}[32] eq 'ON')) { my $conn_limit = $$hash{$key}[33]; if ($conn_limit ge 1) { @@ -296,13 +296,13 @@ sub buildrules { } # Ratelimit - if (($elements gt 37) && ($$hash{$key}[34] eq 'ON')) { + if (($elements ge 37) && ($$hash{$key}[34] eq 'ON')) { my $rate_limit = "$$hash{$key}[35]/$$hash{$key}[36]"; - if ($rate_limit) { - push(@ratelimit_options, ("-m", "limit")); - push(@ratelimit_options, ("--limit", $rate_limit)); - } + if ($rate_limit) { + push(@ratelimit_options, ("-m", "limit")); + push(@ratelimit_options, ("--limit", $rate_limit)); + } } # Check which protocols are used in this rule and so that we can -- 2.39.2