From 78fd3470c8521270862b6783dbe2d1d179b8df40 Mon Sep 17 00:00:00 2001 From: "/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org" Date: Mon, 16 Apr 2007 17:09:39 +0000 Subject: prepare conntrack and conntrackd merge: rename conntrack to conntrack-tools --- Makefile | 2 +- iptables-restore.c | 47 ++++++++++++++++++++++++++++++++--------------- 2 files changed, 33 insertions(+), 16 deletions(-) diff --git a/Makefile b/Makefile index 81e72d4..e61fc6e 100644 --- a/Makefile +++ b/Makefile @@ -17,7 +17,7 @@ endif IPTABLES_VERSION:=1.3.7 OLD_IPTABLES_VERSION:=1.3.6 -PREFIX:=/usr/local +PREFIX:=/usr LIBDIR:=$(PREFIX)/lib BINDIR:=$(PREFIX)/sbin MANDIR:=$(PREFIX)/man diff --git a/iptables-restore.c b/iptables-restore.c index 89acd73..9b8563a 100644 --- a/iptables-restore.c +++ b/iptables-restore.c @@ -301,8 +301,9 @@ main(int argc, char *argv[]) char *parsestart; /* the parser */ - char *param_start, *curchar; + char *curchar; int quote_open; + int param_len; /* reset the newargv */ newargc = 0; @@ -349,9 +350,11 @@ main(int argc, char *argv[]) * longer a real hacker, but I can live with that */ quote_open = 0; - param_start = parsestart; + param_len = 0; for (curchar = parsestart; *curchar; curchar++) { + char param_buffer[1024]; + if (*curchar == '"') { /* quote_open cannot be true if there * was no previous character. Thus, @@ -360,30 +363,27 @@ main(int argc, char *argv[]) *(curchar-1) != '\\') { quote_open = 0; *curchar = ' '; - } else { + } else if (!quote_open) { quote_open = 1; - param_start++; + continue; } } if (*curchar == ' ' || *curchar == '\t' || * curchar == '\n') { - char param_buffer[1024]; - int param_len = curchar-param_start; - if (quote_open) + if (quote_open) { + param_buffer[param_len++] = + *curchar; continue; + } if (!param_len) { /* two spaces? */ - param_start++; continue; } - - /* end of one parameter */ - strncpy(param_buffer, param_start, - param_len); - *(param_buffer+param_len) = '\0'; + + param_buffer[param_len] = '\0'; /* check if table name specified */ if (!strncmp(param_buffer, "-t", 3) @@ -395,9 +395,26 @@ main(int argc, char *argv[]) } add_argv(param_buffer); - param_start += param_len + 1; + param_len = 0; } else { - /* regular character, skip */ + /* Skip backslash that escapes quote: + * the standard input does not require + * escaping. However, the output + * generated by iptables-save + * introduces bashlash to keep + * consistent with iptables + */ + if (quote_open && + *curchar == '\\' && + *(curchar+1) == '"') + continue; + + /* regular character, copy to buffer */ + param_buffer[param_len++] = *curchar; + + if (param_len >= sizeof(param_buffer)) + exit_error(PARAMETER_PROBLEM, + "Parameter too long!"); } } -- cgit v1.2.3