| author | Jo-Philipp Wich | 2022-06-13 13:21:01 +0000 |
|---|---|---|
| committer | Jo-Philipp Wich | 2022-06-14 14:54:06 +0000 |
| commit | 880dd31353c8db8bad4b193cc4928ba01ff29c78 (patch) | |
| tree | fbd15bbe6e4017a33f0c07ee689347e9afa769b2 | |
| parent | 11410b80eb9c442c4850cfc3034267f3f72a196c (diff) | |
| download | firewall4-880dd31353c8db8bad4b193cc4928ba01ff29c78.tar.gz | |
fw4: fix skipping invalid IPv6 ipset entries
The current code did not account for invalid IPv6 entries yielding `null`
after subnet parsing, leading to an incorrect warning about multiple entries
and a subsequent `null` access leading to a crash.
Fix the issue by ensuring that the length check expression yields `0` on
invalid inputs.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
| -rw-r--r-- | root/usr/share/ucode/fw4.uc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/root/usr/share/ucode/fw4.uc b/root/usr/share/ucode/fw4.uc
index 0200758..d600528 100644
--- a/root/usr/share/ucode/fw4.uc
+++ b/root/usr/share/ucode/fw4.uc
@@ -1439,7 +1439,7 @@ return {
 case 'ipv6_addr':
 ip = filter(this.parse_subnet(values[i]), a => (a.family == 6));
- switch(length(ip)) {
+ switch (length(ip) ?? 0) {
 case 0: return null;
 case 1: break;
 case 2: this.warn("Set entry '%s' resolves to multiple addresses, using first one", values[i]);
 |
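Review bot: With the `?? 0` guard, an invalid IPv6 set entry now reaches `case 0: return null;` and is dropped without any message in this hunk, so a set can end up with fewer members than configured and nothing in the log says so. Unless the caller, which is outside the hunk, already reports it, I would warn before returning, e.g. `case 0: this.warn("Set entry '%s' is not a valid IPv6 address, ignoring", values[i]); return null;`. Separately, `case 2:` matches only exactly two results, so if `parse_subnet()` can ever yield three or more IPv6 addresses the "multiple addresses" warning is skipped; `default:` would cover that. The enclosing function starts and ends outside the hunk, so the equivalent IPv4 branch, if it has the same shape, should be checked too.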