DeforaNetworks/fwknop
DeforaNetworks/fwknop
3
0
Fork 0
Code Releases Activity

[server] fix is_digits() logic and add tests

Browse Source
This commit is contained in:
Michael Rash 2015-07-17 21:28:02 -07:00
parent 76d8ce5158
commit 295a6a0d14
5 changed files with 60 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
server/fw_util_firewalld.c
View File

@ -1486,7 +1486,12 @@ rm_expired_rules(const fko_srv_options_t * const opts,
strlcpy(exp_str, ndx, sizeof(exp_str)); strlcpy(exp_str, ndx, sizeof(exp_str));
chop_spaces(exp_str); chop_spaces(exp_str);
if(!is_digits(exp_str)) if(!is_digits(exp_str))
break; {
/* go to the next rule if it exists
*/
ndx = strstr(tmp_mark, EXPIRE_COMMENT_PREFIX);
continue;
}
rule_exp = (time_t)atoll(exp_str); rule_exp = (time_t)atoll(exp_str);

7
server/fw_util_ipfw.c
View File

@ -683,7 +683,12 @@ check_firewall_rules(const fko_srv_options_t * const opts)
strlcpy(exp_str, ndx, sizeof(exp_str)); strlcpy(exp_str, ndx, sizeof(exp_str));
chop_spaces(exp_str); chop_spaces(exp_str);
if(!is_digits(exp_str)) if(!is_digits(exp_str))
break; {
/* go to the next rule if it exists
*/
ndx = strstr(tmp_mark, EXPIRE_COMMENT_PREFIX);
continue;
}
rule_exp = (time_t)atoll(exp_str); rule_exp = (time_t)atoll(exp_str);

7
server/fw_util_iptables.c
View File

@ -1472,7 +1472,12 @@ rm_expired_rules(const fko_srv_options_t * const opts,
strlcpy(exp_str, ndx, sizeof(exp_str)); strlcpy(exp_str, ndx, sizeof(exp_str));
chop_spaces(exp_str); chop_spaces(exp_str);
if(!is_digits(exp_str)) if(!is_digits(exp_str))
break; {
/* go to the next rule if it exists
*/
ndx = strstr(tmp_mark, EXPIRE_COMMENT_PREFIX);
continue;
}
rule_exp = (time_t)atoll(exp_str); rule_exp = (time_t)atoll(exp_str);

7
server/fw_util_pf.c
View File

@ -407,7 +407,12 @@ check_firewall_rules(const fko_srv_options_t * const opts)
strlcpy(exp_str, ndx, sizeof(exp_str)); strlcpy(exp_str, ndx, sizeof(exp_str));
chop_spaces(exp_str); chop_spaces(exp_str);
if(!is_digits(exp_str)) if(!is_digits(exp_str))
break; {
/* go to the next rule if it exists
*/
ndx = strstr(tmp_mark, EXPIRE_COMMENT_PREFIX);
continue;
}
rule_exp = (time_t)atoll(exp_str); rule_exp = (time_t)atoll(exp_str);

36
test/tests/rijndael_hmac.pl
View File

@ -231,6 +231,42 @@
'key_file' => $cf{'rc_hmac_b64_key'}, 'key_file' => $cf{'rc_hmac_b64_key'},
'client_cycles_per_server_instance' => 3, 'client_cycles_per_server_instance' => 3,
}, },
{
'category' => 'Rijndael+HMAC',
'subcategory' => 'client+server',
'detail' => 'invalid _exp_ prefix',
'function' => \&spa_cycle,
'cmdline' => $default_client_hmac_args,
'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_access'} " .
"-d $default_digest_file -p $default_pid_file " .
"$intf_str --no-ipt-check-support --no-firewd-check-support",
'fw_rule_created' => $NEW_RULE_REQUIRED,
'fw_rule_removed' => $NEW_RULE_REMOVED,
'key_file' => $cf{'rc_hmac_b64_key'},
'insert_duplicate_rule_while_running' => $YES,
'fw_dupe_rule_args' => [
"-A FWKNOP_INPUT -p 6 -s $fake_ip -d 0.0.0.0/0 " .
"--dport 22 -m comment --comment _exp_NNN -j ACCEPT"
],
},
{
'category' => 'Rijndael+HMAC',
'subcategory' => 'client+server',
'detail' => 'invalid _exp_ prefix (2)',
'function' => \&spa_cycle,
'cmdline' => $default_client_hmac_args,
'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'def'} -a $cf{'hmac_access'} " .
"-d $default_digest_file -p $default_pid_file $intf_str",
'fw_rule_created' => $NEW_RULE_REQUIRED,
'fw_rule_removed' => $NEW_RULE_REMOVED,
'key_file' => $cf{'rc_hmac_b64_key'},
'insert_duplicate_rule_while_running' => $YES,
'fw_dupe_rule_args' => [
"-A FWKNOP_INPUT -p 6 -s $fake_ip -d 0.0.0.0/0 " .
"--dport 22 -m comment --comment _exp_NNN -j ACCEPT"
],
},
{ {
'category' => 'Rijndael+HMAC', 'category' => 'Rijndael+HMAC',
'subcategory' => 'client+server', 'subcategory' => 'client+server',