From mboxrd@z Thu Jan 1 00:00:00 1970 From: Peter =?utf-8?q?M=C3=BCller?= To: development@lists.ipfire.org Subject: Re: [PATCH] firewall: Avoid creating a rule that permits all traffic on invalid source Date: Wed, 18 Jan 2023 23:26:42 +0000 Message-ID: In-Reply-To: <20230117134144.2763140-1-michael.tremer@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============5474580167447757625==" List-Id: --===============5474580167447757625== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit Acked-by: Peter Müller > The firewall engine generated rules that did not have any traffic > selectors due to an improperly initialized variable in the source. > > Signed-off-by: Michael Tremer > --- > config/firewall/rules.pl | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl > index 30ad20df1..1b628df16 100644 > --- a/config/firewall/rules.pl > +++ b/config/firewall/rules.pl > @@ -401,6 +401,9 @@ sub buildrules { > $source = ""; > } > > + # Make sure that $source is properly defined > + next unless (defined $source); > + > my $source_intf = @$src[1]; > > foreach my $dst (@destinations) { --===============5474580167447757625==--
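Review bot: the new guard in buildrules, `next unless (defined $source);`, drops the source silently, so a rule that the administrator configured is never generated and nothing records why. Consider logging the skipped rule (or at least the offending source entry) before the `next`, so that an invalid source shows up as a visible configuration error rather than as a missing rule. Note also that the branch immediately above assigns `$source = "";`, which passes a `defined` test; if an empty string there is intentional (no source selector wanted for that case), a short comment saying so would help, and if it is not, the check needs to cover it too, since the commit message describes the failure as rules emitted without any traffic selectors. The added comment could also state which input leaves `$source` undefined, since the hunk does not show where it is initialised.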