From 26e35f61bb856aa482f84f50521f924d4a6c12b1 Mon Sep 17 00:00:00 2001

From: Eric Garver <e@erig.me>

Date: Thu, 24 May 2018 16:30:13 -0400

Subject: [PATCH 1/5] ipset: check type when parsing ipset definition

(cherry picked from commit ebe0cb93c3f38a5d9af267407769eb187940c62f)

---

 src/firewall/core/io/ipset.py | 2 ++

 1 file changed, 2 insertions(+)

diff --git a/src/firewall/core/io/ipset.py b/src/firewall/core/io/ipset.py

index f291d15e0033..0670677b4206 100644

--- a/src/firewall/core/io/ipset.py

+++ b/src/firewall/core/io/ipset.py

@@ -320,6 +320,8 @@ class ipset_ContentHandler(IO_Object_ContentHandler):

         self.item.parser_check_element_attrs(name, attrs)

         if name == "ipset":

             if "type" in attrs:

+                if attrs["type"] not in IPSET_TYPES:

+                    raise FirewallError(errors.INVALID_TYPE, "%s" % attrs["type"])

                 self.item.type = attrs["type"]

             if "version" in attrs:

                 self.item.version = attrs["version"]

-- 

2.16.3