base/SOURCES/0001-ipset-check-type-when-parsing-ipset-definition.patch

From 26e35f61bb856aa482f84f50521f924d4a6c12b1 Mon Sep 17 00:00:00 2001
From: Eric Garver <e@erig.me>
Date: Thu, 24 May 2018 16:30:13 -0400
Subject: [PATCH 1/5] ipset: check type when parsing ipset definition

(cherry picked from commit ebe0cb93c3f38a5d9af267407769eb187940c62f)
---
 src/firewall/core/io/ipset.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/firewall/core/io/ipset.py b/src/firewall/core/io/ipset.py
index f291d15e0033..0670677b4206 100644
--- a/src/firewall/core/io/ipset.py
+++ b/src/firewall/core/io/ipset.py
@@ -320,6 +320,8 @@ class ipset_ContentHandler(IO_Object_ContentHandler):
         self.item.parser_check_element_attrs(name, attrs)
         if name == "ipset":
             if "type" in attrs:
+                if attrs["type"] not in IPSET_TYPES:
+                    raise FirewallError(errors.INVALID_TYPE, "%s" % attrs["type"])
                 self.item.type = attrs["type"]
             if "version" in attrs:
                 self.item.version = attrs["version"]
-- 
2.16.3