[fwbuilder-commits] [SCM] Firewall Builder GUI and Policy Compilers Open Source Code branch, develo
From: <gi...@ir...> - 2011-07-21 20:57:13
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Firewall Builder GUI and Policy Compilers Open Source Code". The branch, development has been updated via 2b54b4c49b2a74776fee88e89c8e0074da7ee566 (commit) from 04d5c68fb39faf7eda55037748a38ff43ca11ff2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2b54b4c49b2a74776fee88e89c8e0074da7ee566 Author: Vadim Kurland <va...@sl...> Date: Thu Jul 21 14:17:48 2011 -0700 fixes #2565 "Run-time dns name or address table in routing policy -> crash". Compiler for PF crashed if user placed run-time DNSName object in "destination" of a routing rule. diff --git a/doc/ChangeLog b/doc/ChangeLog index 4ce7e82..03743da 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,5 +1,10 @@ 2011-07-21 vadim <va...@ne...> + * RoutingCompiler.cpp (processNext): fixes #2565 "Run-time dns + name or address table in routing policy -> crash". Compiler for PF + crashed if user placed run-time DNSName object in "destination" + of a routing rule. + * RuleSetModel.cpp (initRule): see #2515 Expanded set of options the user can change to pre-set parameters in the new policy rules they create. Now user can set default values for action ("Deny" or diff --git a/src/libfwbuilder/src/fwcompiler/RoutingCompiler.cpp b/src/libfwbuilder/src/fwcompiler/RoutingCompiler.cpp index 9c78ecb..febf8cf 100644 --- a/src/libfwbuilder/src/fwcompiler/RoutingCompiler.cpp +++ b/src/libfwbuilder/src/fwcompiler/RoutingCompiler.cpp 
@@ -257,17 +257,21 @@ bool RoutingCompiler::singleAdressInRGtw::processNext() } // recursive network validity check -bool RoutingCompiler::validateNetwork::checkValidNetwork(FWObject *o) { - - if( Network::cast(o) != NULL) { +bool RoutingCompiler::validateNetwork::checkValidNetwork(FWObject *o) +{ + if( Network::cast(o) != NULL) + { return ((Network *)o)->isValidRoutingNet(); } /* if we have a group containing networks and groups, we want to check them too */ - if( ObjectGroup::cast(o) != NULL) { + if( ObjectGroup::cast(o) != NULL) + { + FWObjectTypedChildIterator child_i = + o->findByType(FWObjectReference::TYPENAME); - FWObjectTypedChildIterator child_i = o->findByType(FWObjectReference::TYPENAME); - for ( ; child_i != child_i.end(); ++child_i) { + for ( ; child_i != child_i.end(); ++child_i) + { FWObjectReference *child_r = FWObjectReference::cast(*child_i); assert(child_r); FWObject *child = child_r->getPointer(); @@ -276,12 +280,16 @@ bool RoutingCompiler::validateNetwork::checkValidNetwork(FWObject *o) { ObjectGroup *group; // Network - if ((network=Network::cast(child)) != NULL) { - if (checkValidNetwork(network) == false) { + if ((network=Network::cast(child)) != NULL) + { + if (checkValidNetwork(network) == false) + { return false; } - } else if ((group=ObjectGroup::cast(child)) != NULL) { // Group - if (checkValidNetwork(group) == false) { + } else if ((group=ObjectGroup::cast(child)) != NULL) + { // Group + if (checkValidNetwork(group) == false) + { return false; } } 
@@ -301,8 +309,17 @@ bool RoutingCompiler::validateNetwork::processNext() RuleElementRDst *dstrel=rule->getRDst(); FWObject *o = FWReference::cast(dstrel->front())->getPointer(); - if( checkValidNetwork(o) == false) { + // currently we do not support run-time DNSName and AddressTable objects + // in routing rules. + MultiAddress *ma = MultiAddress::cast(o); + if (ma && ma->isRunTime()) + { + compiler->abort(rule, "Use of dynamic run-time objects " + "as destination in routing rules is not supported."); + } + if( checkValidNetwork(o) == false) + { string msg; msg = "Object \"" + o->getName() + "\" used as destination in the routing rule " + ----------------------------------------------------------------------- Summary of changes: doc/ChangeLog | 5 ++ .../src/fwcompiler/RoutingCompiler.cpp | 45 +++++++++++++------ 2 files changed, 36 insertions(+), 14 deletions(-) hooks/post-receive -- Firewall Builder GUI and Policy Compilers Open Source Code |
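Review bot: The new run-time check in `validateNetwork::processNext` tests only the object behind `dstrel->front()` and only at the top level, so a run-time DNSName or AddressTable nested inside a group (or at a later position, if the destination can still hold more than one object at this stage) is not rejected here. The group walk in `checkValidNetwork`, as far as the earlier hunks show it, looks only at `Network` and `ObjectGroup` children, so such a member would not be examined there either; whether it then reaches the code that crashed in #2565 is not visible from this diff. Consider applying the same `MultiAddress::cast(child)` and `isRunTime()` test to each child in that loop, so that the compiler stops with an explicit error for every unsupported destination rather than only the first one. It is also worth a comment on `if (ma && ma->isRunTime())` stating whether `compiler->abort` can return, because if it can, execution falls through to `checkValidNetwork(o)` with the same object. The body of `processNext` starts and ends outside the hunk.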