Bug#514993: rate limiting doesn't work the way uif.conf comments describe it

Thu, 12 Feb 2009 06:46:22 -0800 

Package: uif
Version: 1.0.5-3.1
Severity: normal
Tags: patch

The way uif currently reads the "limit" option on rules, it can't work:
1) In the comments in uif.conf, the colon (":") is used as a delimiter
   while uif(.pl) expects a comman (",").
2) The second part (after splitting) still contains the delimiter when
   the parameter is checked for validity and/or passed to iptables. This
   definitely causes an error either in parameter checking or in
   iptables, so doesn't work.
The attached patch fixes uif.pl to use the colon as the delimiter as the
comments in uif.conf indicate. Furthermore it clean the delimiter from
the rate limit before using it any further.

Regards,
Sven

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'proposed-updates'), (400, 
'experimental'), (90, 'testing'), (50, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-686
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages uif depends on:
ii  bsdutils            1:2.12r-19etch1      Basic utilities from 4.4BSD-Lite
ii  debconf [debconf-2. 1.5.22~bpo40+1       Debian configuration management sy
ii  iptables            1.3.6.0debian1-5     administration tools for packet fi
ii  libnet-ldap-perl    1:0.33-2             A Client interface to LDAP servers
ii  libnetaddr-ip-perl  4.007+dfsg-2~bpo40+2 Manipulate IP Addresses easily
ii  perl                5.8.8-7etch6         Larry Wall's Practical Extraction 

uif recommends no packages.

-- debconf information:
* uif/conf_method: don't touch
* uif/trusted:
* uif/traceroute: true
* uif/workstation:
* uif/pings: true
  uif/error:

--- a/uif.pl    2004-07-30 21:01:12.000000000 +0200
+++ b/uif.pl    2009-02-12 15:32:08.000000000 +0100
@@ -837,11 +837,18 @@
                                        }
                                        if ($2) {
                                                my $param=$2;
-                                               if ($param =~ 
/^([^,]+)(,\d+|)$/) {
+                                               if ($param =~ 
/^([^:]+)(:\d+|)$/) {
                                                        if (checkLimit $1) {
                                                                
$$rule{'Limit'}=$1;
                                                                if ($2) {
-                                                                       
$$rule{'Limit-burst'}=$2;
+                                                                       # no 
need to check burst since it 
+                                                                       # is 
guaranteed to be either empty
+                                                                       # or 
digits only (plus leading colon).
+                                                                       # Empty 
results in other part of if
+                                                                       # 
clause.
+                                                                       my 
$burst=$2;
+                                                                       
$burst=~s/^://;
+                                                                       
$$rule{'Limit-burst'}=$burst;
                                                                } else {
                                                                        
$$rule{'Limit-burst'}=$$Sysconfig{'Burst'};
                                                                }

Reply via email to