authorTed Trask <ttrask01@yahoo.com>2009-01-21 22:04:37 +0000
committerTed Trask <ttrask01@yahoo.com>2009-01-21 22:04:37 +0000
commit3fe565d231f597fe6eeaa0cc6923a95f1398cf33 (patch)
tree9f46924442e876feb1d97e9164bf765246642cd5
parent38f4e6989bcf202e352aca504c521c372a77fa75 (diff)
downloadacf-iptables-3fe565d231f597fe6eeaa0cc6923a95f1398cf33.tar.bz2
acf-iptables-3fe565d231f597fe6eeaa0cc6923a95f1398cf33.tar.xz
Added escapespecialcharacters to format.lua to escape shell special characters. Reviewed all calls to io.popen and os.execute to escape special characters. Fixed file uploads in openssl and ipsectools with viewfunctions.lua. Tried to fix openssl renew when subject contains special characters, but not done yet.
git-svn-id: svn://svn.alpinelinux.org/acf/iptables/trunk@1687 ab2d0c66-481e-0410-8bed-d214d4d58bed
-rw-r--r--iptables-model.lua26
1 files changed, 13 insertions, 13 deletions
diff --git a/iptables-model.lua b/iptables-model.lua
index cad707a..0447e41 100644
--- a/iptables-model.lua
+++ b/iptables-model.lua
@@ -260,7 +260,7 @@ function update_chain(chain)
if success then
if chain.value.policy then
- local cmd = path .. "iptables -t "..chain.value.table.value.." -P "..chain.value.chain.value.." "..chain.value.policy.value.." 2>&1"
+ local cmd = path .. "iptables -t "..format.escapespecialcharacters(chain.value.table.value).." -P "..format.escapespecialcharacters(chain.value.chain.value).." "..format.escapespecialcharacters(chain.value.policy.value).." 2>&1"
local f = io.popen(cmd)
local errtxt = f:read("*a")
f:close()
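Review bot: Escaping shell metacharacters on the table, chain and policy values in `cmd` does not by itself stop a value from being parsed by iptables as an extra argument or option. Whether `format.escapespecialcharacters` covers whitespace or a leading `-` cannot be seen from this diff. Table and policy come from small fixed sets, so an allow-list check before the command is built would be stronger, and the chain name could be held to a conservative pattern such as `chain.value.chain.value:match("^[%w_][%w_%-]*$")`. The same applies to the `-N` line in create_chain and the `-X` line in delete_chain. update_chain's body, and whatever validation sets `success`, lie outside the hunk.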
@@ -292,7 +292,7 @@ function create_chain(chain)
end
if success then
- local cmd = path .. "iptables -t "..chain.value.table.value.." -N "..chain.value.chain.value.." 2>&1"
+ local cmd = path .. "iptables -t "..format.escapespecialcharacters(chain.value.table.value).." -N "..format.escapespecialcharacters(chain.value.chain.value).." 2>&1"
local f = io.popen(cmd)
local errtxt = f:read("*a")
if errtxt ~= "" then
@@ -318,7 +318,7 @@ function delete_chain(tab, chain)
elseif chn.references and tonumber(chn.references) > 0 then
retval.errtxt = "Cannot delete chain with references"
else
- local cmd = path .. "iptables -t "..tab.." -X "..chain.." 2>&1"
+ local cmd = path .. "iptables -t "..format.escapespecialcharacters(tab).." -X "..format.escapespecialcharacters(chain).." 2>&1"
local f = io.popen(cmd)
local errtxt = f:read("*a")
if errtxt ~= "" then
@@ -488,13 +488,13 @@ function create_rule(rule)
if success then
local spec = generate_rule_specification(rule)
- local cmd = path .. "iptables -t " .. rule.value.table.value
- if rule.value.position.value ~= "" then
- cmd = cmd .. " -I " .. rule.value.chain.value .. " " .. rule.value.position.value
+ local cmd = path .. "iptables -t " .. format.escapespecialcharacters(rule.value.table.value)
+ if tonumber(rule.value.position.value) then
+ cmd = cmd .. " -I " .. format.escapespecialcharacters(rule.value.chain.value) .. " " .. format.escapespecialcharacters(rule.value.position.value)
else
- cmd = cmd .. " -A " .. rule.value.chain.value
+ cmd = cmd .. " -A " .. format.escapespecialcharacters(rule.value.chain.value)
end
- cmd = cmd .. " " .. spec .. " 2>&1"
+ cmd = cmd .. " " .. format.escapespecialcharacters(spec) .. " 2>&1"
local f = io.popen(cmd)
rule.errtxt = f:read("*a")
f:close()
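Review bot: `format.escapespecialcharacters(spec)` is applied to the already joined rule specification, so it cannot tell the separators that generate_rule_specification inserted from whitespace or quotes inside a single field. Depending on what the helper escapes (not visible here), either a field containing a space still splits into additional iptables arguments, or legitimate quoting inside the spec gets broken. Escaping each field at the point where generate_rule_specification concatenates it would keep argument boundaries intact. Separately, a non-empty but non-numeric position now falls through silently to `-A`; setting `rule.value.position.errtxt = "Must be a number"` as update_rule does would make that visible to the caller. create_rule begins and ends outside the hunk.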
@@ -510,14 +510,14 @@ end
function update_rule(rule)
local success, rule = validate_rule(rule)
- if rule.value.position.value == "" then
- rule.value.position.errtxt = "Cannot be empty"
- successs = false
+ if not tonumber(rule.value.position.value) then
+ rule.value.position.errtxt = "Must be a number"
+ success = false
end
if success then
local spec = generate_rule_specification(rule)
- local cmd = path .. "iptables -t " .. rule.value.table.value .. " -R " .. rule.value.chain.value .. " " .. rule.value.position.value .. " " .. spec .. " 2>&1"
+ local cmd = path .. "iptables -t " .. format.escapespecialcharacters(rule.value.table.value) .. " -R " .. format.escapespecialcharacters(rule.value.chain.value) .. " " .. format.escapespecialcharacters(rule.value.position.value) .. " " .. format.escapespecialcharacters(spec) .. " 2>&1"
local f = io.popen(cmd)
rule.errtxt = f:read("*a")
f:close()
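Review bot: `tonumber(rule.value.position.value)` is a loose test for a rule number, because Lua's tonumber also accepts forms such as `0x10`, `1e3`, `1.5` and `-1`, which are then passed to `-R` unchanged. Assuming the value is a string, a strict check matches what iptables expects: `if not string.match(rule.value.position.value, "^%d+$") then`. The `-I` branch in create_rule uses the same tonumber test and would benefit from the same pattern. The rest of update_rule continues past the hunk.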
@@ -536,7 +536,7 @@ function delete_rule(tab, chain, pos)
if not tab or not chain or not pos then
cmdresult.errtxt = "Incomplete specification - must define table, chain, and position"
else
- local cmd = path .. "iptables -t " .. tab .. " -D " .. chain .. " " .. pos
+ local cmd = path .. "iptables -t " .. format.escapespecialcharacters(tab) .. " -D " .. format.escapespecialcharacters(chain) .. " " .. format.escapespecialcharacters(pos)
local f = io.popen(cmd)
cmdresult.value = f:read("*a")
f:close()
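Review bot: delete_rule passes `pos` to `-D` without the numeric check this commit adds in create_rule and update_rule; only a nil value is rejected. A guard before the command is built, such as `elseif not string.match(tostring(pos), "^%d+$") then cmdresult.errtxt = "Position must be a number"`, would make the three functions consistent. The command here also lacks the `2>&1` the other calls append, so an iptables error message would not end up in `cmdresult.value`. The function starts and ends outside the hunk.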