Bug 32822

Summary: /etc/periodic/security/[56]50.ip{,6}fwlimit error
Product: Base System
Reporter: NAKAJI Hiroyuki <nakaji>
Component: bin
Assignee: ru <ru>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 5.0-CURRENT   
Hardware: Any   
OS: Any   
Attachments: file.diff (Flags: none)

Description NAKAJI Hiroyuki 2001-12-14 01:40:01 UTC
	In daily mails from root, I see

	Checking for passwordless accounts:
	[: : out of range
	[: : out of range

	And checked the scripts in /etc/periodic/security to find which
	one says 'out of range'. They are 550.ipfwlimit and
	650.ip6fwlimit.

	They use the variable ${IPFW_LOG_LIMIT} or ${IP6FW_LOG_LIMIT} and
	compare it with 0. But on my current system, the variables are
	both null strings because the kernel does not have
	"options IPFIREWALL" nor "options IPV6FIREWALL",
	so that the 'test' fails.

Fix: If you don't have net.inet.ip.fw.verbose_limit or
	net.inet6.ip6.fw.verbose_limit, the variables ${IPFW_LOG_LIMIT}
	and ${IP6FW_LOG_LIMIT} should be 0.

	Here is a diff.
How-To-Repeat: 
	/bin/sh -x /etc/periodic/550.ipfwlimit
	[snip]
	+ sysctl -n net.inet.ip.fw.verbose_limit
	+ IPFW_LOG_LIMIT=
	+ [ 1 -eq 0 -a  -ne 0 ]
	[: : out of range

	/bin/sh -x /etc/periodic/650.ip6fwlimit
	[snip]
	+ sysctl -n net.inet6.ip6.fw.verbose_limit
	+ IP6FW_LOG_LIMIT=
	+ [ 1 -eq 0 -a  -ne 0 ]
	[: : out of range
Comment 1 ru freebsd_committer freebsd_triage 2001-12-14 08:50:57 UTC
On Fri, Dec 14, 2001 at 10:36:54AM +0900, NAKAJI Hiroyuki wrote:
> 
> 	In daily mails from root, I see
> 
> 	Checking for passwordless accounts:
> 	[: : out of range
> 	[: : out of range
> 
> 	And checked the scripts in /etc/periodic/security to find which
> 	one says 'out of range'. They are 550.ipfwlimit and
> 	650.ip6fwlimit.
> 
> 	They use the variable ${IPFW_LOG_LIMIT} or ${IP6FW_LOG_LIMIT} and
> 	compare it with 0. But on my current system, the variables are
> 	both null strings because the kernel does not have
> 	"options IPFIREWALL" nor "options IPV6FIREWALL",
> 	so that the 'test' fails.
> 
> >How-To-Repeat:
> 
> 	/bin/sh -x /etc/periodic/550.ipfwlimit
> 	[snip]
> 	+ sysctl -n net.inet.ip.fw.verbose_limit
> 	+ IPFW_LOG_LIMIT=
> 	+ [ 1 -eq 0 -a  -ne 0 ]
> 	[: : out of range
> 
> 	/bin/sh -x /etc/periodic/650.ip6fwlimit
> 	[snip]
> 	+ sysctl -n net.inet6.ip6.fw.verbose_limit
> 	+ IP6FW_LOG_LIMIT=
> 	+ [ 1 -eq 0 -a  -ne 0 ]
> 	[: : out of range
> 
> 
> >Fix:
> 
> 	If you don't have net.inet.ip.fw.verbose_limit or
> 	net.inet6.ip6.fw.verbose_limit, the variables ${IPFW_LOG_LIMIT}
> 	and ${IP6FW_LOG_LIMIT} should be 0.
> 
> 	Here is a diff.
> 
Yeah, this is a nasty "feature" of test(1)'s "-a" operator;
in the following expression, "expression1 -a expression2",
expression2 is executed even if expression1 is false.

The correct fix would be:

Index: 550.ipfwlimit
===================================================================
RCS file: /home/ncvs/src/etc/periodic/security/550.ipfwlimit,v
retrieving revision 1.1
diff -u -r1.1 550.ipfwlimit
--- 550.ipfwlimit	2001/12/07 23:57:38	1.1
+++ 550.ipfwlimit	2001/12/14 08:52:43
@@ -44,7 +44,7 @@
 case "$daily_status_security_ipfwlimit_enable" in
     [Yy][Ee][Ss])
 	IPFW_LOG_LIMIT=`sysctl -n net.inet.ip.fw.verbose_limit 2> /dev/null`
-	if [ $? -eq 0 -a "${IPFW_LOG_LIMIT}" -ne 0 ]; then
+	if [ $? -eq 0 ] && [ "${IPFW_LOG_LIMIT}" -ne 0 ]; then
 	    ipfw -a l | grep " log " | perl -n -e \
 		'/^\d+\s+(\d+)/; print if ($1 >= '$IPFW_LOG_LIMIT')' > ${TMP}
 	    if [ -s "${TMP}" ]; then
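Review bot: the new second test on the `+` line, `[ "${IPFW_LOG_LIMIT}" -ne 0 ]`, still assumes that a successful sysctl printed an integer. If sysctl ever exits 0 with empty or non-numeric output, `-ne` fails the same way, and two context lines later the value is spliced unquoted into the perl program text (`'$IPFW_LOG_LIMIT'`). Suggest checking that the value is digits only before both uses, for instance with a `case` on `*[!0-9]*`, and quoting `${TMP}` in the redirection.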
Index: 650.ip6fwlimit
===================================================================
RCS file: /home/ncvs/src/etc/periodic/security/650.ip6fwlimit,v
retrieving revision 1.1
diff -u -r1.1 650.ip6fwlimit
--- 650.ip6fwlimit	2001/12/07 23:57:38	1.1
+++ 650.ip6fwlimit	2001/12/14 08:52:43
@@ -44,7 +44,7 @@
 case "$daily_status_security_ip6fwlimit_enable" in
     [Yy][Ee][Ss])
 	IP6FW_LOG_LIMIT=`sysctl -n net.inet6.ip6.fw.verbose_limit 2> /dev/null`
-	if [ $? -eq 0 -a "${IP6FW_LOG_LIMIT}" -ne 0 ]; then
+	if [ $? -eq 0 ] && [ "${IP6FW_LOG_LIMIT}" -ne 0 ]; then
 	    ip6fw -a l | grep " log " | perl -n -e \
 		'/^\d+\s+(\d+)/; print if ($1 >= '$IP6FW_LOG_LIMIT')' > ${TMP}
 	    if [ -s "${TMP}" ]; then
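Review bot: the replaced `if` line in 650.ip6fwlimit should carry a one-line comment saying why two `[ ]` calls joined by `&&` are used instead of `-a`. Nothing in the hunk stops a later cleanup from folding them back into a single test and bringing the error back whenever `IP6FW_LOG_LIMIT` is empty. The same comment belongs on the matching line in 550.ipfwlimit, since the two hunks are the same change with the names swapped.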



Cheers,
-- 
Ruslan Ermilov		Oracle Developer/DBA,
ru@sunbay.com		Sunbay Software AG,
ru@FreeBSD.org		FreeBSD committer,
+380.652.512.251	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age
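
The `-a` behaviour described in the comment above, as an added shell example (not code from this PR or from FreeBSD). It compares the original single-test form, the `&&` form from the patch, and one possible reading of the reporter's "should be 0" suggestion. The `fake_sysctl_*` stand-ins, `read_limit`, `classify`, the `check_with_*` names and the limit of 100 are all constructed for illustration.

```sh
#!/bin/sh
# Constructed stand-ins for `sysctl -n net.inet.ip.fw.verbose_limit`.
fake_sysctl_missing() { return 1; }   # OID absent: no output, non-zero exit
fake_sysctl_present() { echo 100; }   # OID present, limit of 100 (made up)

# Run stand-in $1; leave its output in $limit and its status in $sysctl_rc.
read_limit() {
    limit=$("$1" 2> /dev/null) && sysctl_rc=0 || sysctl_rc=$?
}

# Original form: one test(1) call. -a is handled inside test, so the empty
# limit still reaches -ne and test fails with an error status (>1).
check_with_dash_a() {
    read_limit "$1"
    [ "$sysctl_rc" -eq 0 -a "${limit}" -ne 0 ]
}

# Form used in the patch: the shell's && decides whether the second
# test runs at all, so an empty limit is never compared.
check_with_and_list() {
    read_limit "$1"
    [ "$sysctl_rc" -eq 0 ] && [ "${limit}" -ne 0 ]
}

# One reading of the reporter's suggestion (assumption): a missing limit is 0.
check_with_default() {
    read_limit "$1"
    [ "$sysctl_rc" -eq 0 ] || limit=0
    [ "${limit:-0}" -ne 0 ]
}

# Print true (0), false (1) or error (>1) for check $1 against stand-in $2.
classify() {
    "$1" "$2" 2> /dev/null && test_rc=0 || test_rc=$?
    case $test_rc in
        0) echo true ;;
        1) echo false ;;
        *) echo error ;;
    esac
}

for check in check_with_dash_a check_with_and_list check_with_default; do
    for oid in fake_sysctl_missing fake_sysctl_present; do
        echo "$check $oid: $(classify "$check" "$oid")"
    done
done
```

An `if` treats the error status like false, so the original script skipped the check as intended and only the error text ended up in the daily security mail.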
Comment 2 ru freebsd_committer freebsd_triage 2001-12-14 09:01:04 UTC
State Changed
From-To: open->closed

Fixed in a slightly different way, thanks for the spot! 


Comment 3 ru freebsd_committer freebsd_triage 2001-12-14 09:01:04 UTC
Responsible Changed
From-To: freebsd-bugs->ru