From bdb0132cb4c26a35dbb93743067655103e83eee7 Mon Sep 17 00:00:00 2001
From: Ilia Rostovtsev <ilia@rostovtsev.io>
Date: Sun, 28 Nov 2021 16:34:50 +0300
Subject: [PATCH] Fix IPv6 support with TCP Wrappers module
 https://sourceforge.net/p/webadmin/bugs/5506/
 https://sourceforge.net/p/webadmin/bugs/5521/

---
 tcpwrappers/save_rule.cgi      |  8 ++++++--
 tcpwrappers/tcpwrappers-lib.pl | 25 +++++++++++++++----------
 2 files changed, 21 insertions(+), 12 deletions(-)

diff --git a/tcpwrappers/save_rule.cgi b/tcpwrappers/save_rule.cgi
index deb6d20cb..3d790ae25 100755
--- a/tcpwrappers/save_rule.cgi
+++ b/tcpwrappers/save_rule.cgi
@@ -23,8 +23,10 @@ if ($in{'delete'}) {
     &error($text{'save_eservice'}) if ($in{'service_custom'} && $in{'service_custom'} !~ /^[\w\d\s\-\/\.,]+$/);
     &error($text{'save_eservice'}) if ($in{'service_except_custom'} && $in{'service_except_custom'} !~ /^[\w\d\s\-\/\.,]+$/);
 
-    &error($text{'save_ehost'}) if ($in{'host_text_def'} == 0 && $in{'host_text'} !~ /^[\w\d\s\-\/\@\.,]+$/);
-    &error($text{'save_ehost'}) if ($in{'host_except'} && $in{'host_except'} !~ /^[\w\d\s\-\/\@\.,]+$/);
+    &error($text{'save_ehost'})
+        if ($in{'host_text_def'} == 0 && $in{'host_text'} !~ /^[\w\d\s\-\/\@\.,]+$/ && $in{'host_text'} !~ /^\[[:\d]+\]/);
+    &error($text{'save_ehost'})
+        if ($in{'host_except'} && $in{'host_except'} !~ /^[\w\d\s\-\/\@\.,]+$/ && $in{'host_except'} !~ /^\[[:\d]+\]/);
 
     for (my $i = 0; $i <= $in{'cmd_count'}; $i++) {
 	&error($text{'save_ecmd'}) if ($in{'cmd_'.$i} && $in{'cmd_'.$i} !~ /^[\w\d\s\-\/\@\%\|\(\)\'\"\&\.,]+$/);
@@ -58,10 +60,12 @@ for (my $i = 0; $i <= $in{'cmd_count'}; $i++) {
     $cmd .= $in{'cmd_'.$i};
 }
 
+
 my %newrule = ( 'service' => $service,
 		'host' => $host,
 		'cmd' => $cmd
 		);
+webmin_debug_var_dump(\%newrule, 'save_rule');
 
 # Save to file
 if ($in{'new'}) {
diff --git a/tcpwrappers/tcpwrappers-lib.pl b/tcpwrappers/tcpwrappers-lib.pl
index ada57f72a..d1bf9a1d9 100755
--- a/tcpwrappers/tcpwrappers-lib.pl
+++ b/tcpwrappers/tcpwrappers-lib.pl
@@ -38,11 +38,20 @@ sub list_rules {
 	} else {
 	    my @cmtlines = split(/\n/, $cmt);
 	    $cmt = undef;
-	    $line =~ s/\\:/\0/g;
-	    my ($service, $host, $cmd) = split /:/, $line, 3;
-	    $host =~ s/\0/:/g;
+
+        # Fix further splitting on : to work with ipv6
+        my $ipv6;
+        my $ipv6_enc;
+
+        # Match ipv6 with or without range
+        if ($line =~ /(?|(\[[:\d]+\]\/\d+)|(\[[:\d]+\]))/) {
+            $ipv6 = $1;
+            $ipv6_enc = &encode_base64($ipv6);
+            $line =~ s/\Q$ipv6\E/$ipv6_enc/;
+        }
+        my ($service, $host, $cmd) = split /:/, $line, 3;
 	    $service =~ s/^\s*//; $service =~ s/\s*$//;
-	    $host =~ s/^\s*//; $host =~ s/\s*$//;
+	    $host =~ s/^\s*\Q$ipv6_enc\E/$ipv6/; $host =~ s/\s*$//;
 	    
 	    push @ret, { 'id' => $id++,
 			 'service' => $service,
@@ -100,9 +109,7 @@ sub create_rule {
     my ($file, $rule) = @_;
 
     my $lref = &read_file_lines($file);
-    my $host = $rule->{'host'};
-    $host =~ s/:/\\:/g;
-    my $newline = $rule->{'service'}.' : '.$host.($rule->{'cmd'} ? ' : '.$rule->{'cmd'} : '');
+    my $newline = $rule->{'service'}.' : '.$rule->{'host'}.($rule->{'cmd'} ? ' : '.$rule->{'cmd'} : '');
     push(@$lref, $newline);
     &flush_file_lines($file);
 }
@@ -112,9 +119,7 @@ sub create_rule {
 sub modify_rule {
     my ($filename, $oldrule, $newrule) = @_;
 
-    my $host = $newrule->{'host'};
-    $host =~ s/:/\\:/g;
-    my @newline = ($newrule->{'service'}.' : '.$host.($newrule->{'cmd'} ? ' : '.$newrule->{'cmd'} : ''));
+    my @newline = ($newrule->{'service'}.' : '.$newrule->{'host'}.($newrule->{'cmd'} ? ' : '.$newrule->{'cmd'} : ''));
 
     my $lref = &read_file_lines($filename);
     my $len = $oldrule->{'eline'} - $oldrule->{'line'} + 1;