[server] fix is_digits() logic and add tests

2015-07-17 21:28:02 -07:00 · 2015-07-17 21:28:02 -07:00 · 295a6a0d14
commit 295a6a0d14
parent 76d8ce5158
5 changed files with 60 additions and 4 deletions
--- a/server/fw_util_firewalld.c
+++ b/server/fw_util_firewalld.c
@ -1486,7 +1486,12 @@ rm_expired_rules(const fko_srv_options_t * const opts,
        strlcpy(exp_str, ndx, sizeof(exp_str));
        chop_spaces(exp_str);
        if(!is_digits(exp_str))
-            break;
+        {
+            /* go to the next rule if it exists
+            */
+            ndx = strstr(tmp_mark, EXPIRE_COMMENT_PREFIX);
+            continue;
+        }

        rule_exp = (time_t)atoll(exp_str);

--- a/server/fw_util_ipfw.c
+++ b/server/fw_util_ipfw.c
@ -683,7 +683,12 @@ check_firewall_rules(const fko_srv_options_t * const opts)
        strlcpy(exp_str, ndx, sizeof(exp_str));
        chop_spaces(exp_str);
        if(!is_digits(exp_str))
-            break;
+        {
+            /* go to the next rule if it exists
+            */
+            ndx = strstr(tmp_mark, EXPIRE_COMMENT_PREFIX);
+            continue;
+        }

        rule_exp = (time_t)atoll(exp_str);

--- a/server/fw_util_iptables.c
+++ b/server/fw_util_iptables.c
@ -1472,7 +1472,12 @@ rm_expired_rules(const fko_srv_options_t * const opts,
        strlcpy(exp_str, ndx, sizeof(exp_str));
        chop_spaces(exp_str);
        if(!is_digits(exp_str))
-            break;
+        {
+            /* go to the next rule if it exists
+            */
+            ndx = strstr(tmp_mark, EXPIRE_COMMENT_PREFIX);
+            continue;
+        }

        rule_exp = (time_t)atoll(exp_str);

--- a/server/fw_util_pf.c
+++ b/server/fw_util_pf.c
@ -407,7 +407,12 @@ check_firewall_rules(const fko_srv_options_t * const opts)
        strlcpy(exp_str, ndx, sizeof(exp_str));
        chop_spaces(exp_str);
        if(!is_digits(exp_str))
-            break;
+        {
+            /* go to the next rule if it exists
+            */
+            ndx = strstr(tmp_mark, EXPIRE_COMMENT_PREFIX);
+            continue;
+        }

        rule_exp = (time_t)atoll(exp_str);

--- a/test/tests/rijndael_hmac.pl
+++ b/test/tests/rijndael_hmac.pl
@ -231,6 +231,42 @@
        'key_file' => $cf{'rc_hmac_b64_key'},
        'client_cycles_per_server_instance' => 3,
    },
+    {
+        'category' => 'Rijndael+HMAC',
+        'subcategory' => 'client+server',
+        'detail'   => 'invalid _exp_ prefix',
+        'function' => \&spa_cycle,
+        'cmdline'  => $default_client_hmac_args,
+        'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_access'} " .
+            "-d $default_digest_file -p $default_pid_file " .
+            "$intf_str --no-ipt-check-support --no-firewd-check-support",
+        'fw_rule_created' => $NEW_RULE_REQUIRED,
+        'fw_rule_removed' => $NEW_RULE_REMOVED,
+        'key_file' => $cf{'rc_hmac_b64_key'},
+        'insert_duplicate_rule_while_running' => $YES,
+        'fw_dupe_rule_args' => [
+            "-A FWKNOP_INPUT -p 6 -s $fake_ip -d 0.0.0.0/0 " .
+            "--dport 22 -m comment --comment _exp_NNN -j ACCEPT"
+        ],
+    },
+    {
+        'category' => 'Rijndael+HMAC',
+        'subcategory' => 'client+server',
+        'detail'   => 'invalid _exp_ prefix (2)',
+        'function' => \&spa_cycle,
+        'cmdline'  => $default_client_hmac_args,
+        'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_access'} " .
+            "-d $default_digest_file -p $default_pid_file $intf_str",
+        'fw_rule_created' => $NEW_RULE_REQUIRED,
+        'fw_rule_removed' => $NEW_RULE_REMOVED,
+        'key_file' => $cf{'rc_hmac_b64_key'},
+        'insert_duplicate_rule_while_running' => $YES,
+        'fw_dupe_rule_args' => [
+            "-A FWKNOP_INPUT -p 6 -s $fake_ip -d 0.0.0.0/0 " .
+            "--dport 22 -m comment --comment _exp_NNN -j ACCEPT"
+        ],
+    },
+
    {
        'category' => 'Rijndael+HMAC',
        'subcategory' => 'client+server',