From: Andjelko Horvat Date: Thu, 8 Dec 2016 22:28:04 +0000 (+0100) Subject: Add sanity check for rule to hash parser X-Git-Tag: 1.10.0~5^2~4 X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=06cf2ee;p=puppet-modules%2Fpuppetlabs-firewall.git Add sanity check for rule to hash parser Parser fails in some cases with combined arguments e.g. if some other argument is set between match name and match option, like dport in this example: -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN If the parsed keys and values count is not the same, the error is raised with the problematic rule line. --- diff --git a/lib/puppet/provider/firewall/iptables.rb b/lib/puppet/provider/firewall/iptables.rb index f599faa..cb1d1d3 100644 --- a/lib/puppet/provider/firewall/iptables.rb +++ b/lib/puppet/provider/firewall/iptables.rb @@ -438,10 +438,16 @@ Puppet::Type.type(:firewall).provide :iptables, :parent => Puppet::Provider::Fir values.slice!('-A') keys << :chain + valrev = values.scan(/("([^"\\]|\\.)*"|\S+)/).transpose[0].reverse + + if keys.length != valrev.length then + raise "Parser error: keys (#{keys.length}) and values (#{valrev.length}) count mismatch on line: #{line}" + end + # Here we generate the main hash by scanning arguments off the values # string, handling any quoted characters present in the value, and then # zipping the values with the array of keys. - keys.zip(values.scan(/("([^"\\]|\\.)*"|\S+)/).transpose[0].reverse) do |f, v| + keys.zip(valrev) do |f, v| if v =~ /^".*"$/ then hash[f] = v.sub(/^"(.*)"$/, '\1').gsub(/\\(\\|'|")/, '\1') else
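Review bot: At the new `valrev = values.scan(...).transpose[0].reverse` line, the length check that follows is never reached when `scan` matches nothing: `[].transpose[0]` is `nil`, so `.reverse` raises NoMethodError instead of the intended "Parser error" message carrying the offending line. Consider `valrev = (values.scan(/("([^"\\]|\\.)*"|\S+)/).transpose[0] || []).reverse` so that an empty `values` string also falls through to the mismatch `raise`. Failing on a mismatch is the right direction, since `keys.zip` does not complain when the two arrays differ in length and a key could end up paired with the wrong value or with nil; note, though, that a bare `raise` with a string produces a RuntimeError, so a short comment or a more specific exception class would let callers tell a parse failure from other errors. The visible diff touches only `lib/puppet/provider/firewall/iptables.rb`; a spec built on the rule from the commit message (`-m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN`) would pin the new behaviour.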