diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-06-25 11:56:55 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-12-30 23:50:34 +0100 |
commit | 9283066f1216276116b3f4f85abf18bd673a7b11 (patch) | |
tree | 453cc82a8a10c9ffa9b2724eff04e22d3c279c1c | |
parent | 137cc981906f356c971da6de13e777a419382ff4 (diff) |
xtables: do not proceed if nft_init fails
Fix a crash if nft_init fails, it happens if nfnetlink support
is not available in your Linux kernel.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | iptables/xtables-config.c | 6 | ||||
-rw-r--r-- | iptables/xtables-restore.c | 8 | ||||
-rw-r--r-- | iptables/xtables-save.c | 8 | ||||
-rw-r--r-- | iptables/xtables-standalone.c | 8 |
4 files changed, 26 insertions, 4 deletions
diff --git a/iptables/xtables-config.c b/iptables/xtables-config.c index 12165627..515b18b1 100644 --- a/iptables/xtables-config.c +++ b/iptables/xtables-config.c @@ -35,7 +35,11 @@ int xtables_config_main(int argc, char *argv[]) else filename = argv[1]; - nft_init(&h); + if (nft_init(&h) < 0) { + fprintf(stderr, "Failed to initialize nft: %s\n", + strerror(errno)); + return EXIT_FAILURE; + } return nft_xtables_config_load(&h, filename, NFT_LOAD_VERBOSE) == 0 ? EXIT_SUCCESS : EXIT_FAILURE; diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c index 4f196fc6..a5d2a65d 100644 --- a/iptables/xtables-restore.c +++ b/iptables/xtables-restore.c @@ -193,7 +193,13 @@ xtables_restore_main(int argc, char *argv[]) init_extensions4(); #endif - nft_init(&h); + if (nft_init(&h) < 0) { + fprintf(stderr, "%s/%s Failed to initialize nft: %s\n", + xtables_globals.program_name, + xtables_globals.program_version, + strerror(errno)); + exit(EXIT_FAILURE); + } while ((c = getopt_long(argc, argv, "bcvthnM:T:46", options, NULL)) != -1) { switch (c) { diff --git a/iptables/xtables-save.c b/iptables/xtables-save.c index 111ad4be..49b859dd 100644 --- a/iptables/xtables-save.c +++ b/iptables/xtables-save.c @@ -96,7 +96,13 @@ xtables_save_main(int argc, char *argv[]) init_extensions(); init_extensions4(); #endif - nft_init(&h); + if (nft_init(&h) < 0) { + fprintf(stderr, "%s/%s Failed to initialize nft: %s\n", + xtables_globals.program_name, + xtables_globals.program_version, + strerror(errno)); + exit(EXIT_FAILURE); + } while ((c = getopt_long(argc, argv, "bcdt:46", options, NULL)) != -1) { switch (c) { diff --git a/iptables/xtables-standalone.c b/iptables/xtables-standalone.c index 4299506a..3f8b981f 100644 --- a/iptables/xtables-standalone.c +++ b/iptables/xtables-standalone.c @@ -61,7 +61,13 @@ xtables_main(int argc, char *argv[]) init_extensions4(); #endif - nft_init(&h); + if (nft_init(&h) < 0) { + fprintf(stderr, "%s/%s Failed to initialize nft: %s\n", + xtables_globals.program_name, + xtables_globals.program_version, + strerror(errno)); + exit(EXIT_FAILURE); + } ret = do_commandx(&h, argc, argv, &table); if (!ret) { |