diff options
| author | Jan Engelhardt <jengelh@medozas.de> | 2010-03-16 16:49:21 +0100 |
|---|---|---|
| committer | Jan Engelhardt <jengelh@medozas.de> | 2010-03-16 17:54:26 +0100 |
| commit | 21d1283750d9c4df7ca80165d2b9dc0b9bd214eb (patch) | |
| tree | 6dd5e4f1cd7a0082ecc59e14fa411ebe73063668 | |
| parent | 89b6c32f88be47e83c3f6e7f8fee812088cb8c22 (diff) | |
iptables: correctly check for too-long chain/target/match names
* iptables-restore was not checking for chain name length
* iptables was not checking for match name length
* target length was checked against 32, not 29.
References: http://bugzilla.netfilter.org/show_bug.cgi?id=641
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| -rw-r--r-- | ip6tables-restore.c | 6 | ||||
| -rw-r--r-- | ip6tables.c | 4 | ||||
| -rw-r--r-- | iptables-restore.c | 6 | ||||
| -rw-r--r-- | iptables.c | 4 | ||||
| -rw-r--r-- | xtables.c | 5 |
5 files changed, 21 insertions, 4 deletions
diff --git a/ip6tables-restore.c b/ip6tables-restore.c index d0efbeed..f0725d1e 100644 --- a/ip6tables-restore.c +++ b/ip6tables-restore.c @@ -253,6 +253,12 @@ int main(int argc, char *argv[]) exit(1); } + if (strlen(chain) > XT_FUNCTION_MAXNAMELEN - 1) + xtables_error(PARAMETER_PROBLEM, + "Invalid chain name `%s' " + "(%u chars max)", + chain, XT_FUNCTION_MAXNAMELEN - 1); + if (ip6tc_builtin(chain, handle) <= 0) { if (noflush && ip6tc_is_chain(chain, handle)) { DEBUGP("Flushing existing user defined chain '%s'\n", chain); diff --git a/ip6tables.c b/ip6tables.c index e2359dfe..6ee42819 100644 --- a/ip6tables.c +++ b/ip6tables.c @@ -456,10 +456,10 @@ parse_target(const char *targetname) xtables_error(PARAMETER_PROBLEM, "Invalid target name (too short)"); - if (strlen(targetname)+1 > sizeof(ip6t_chainlabel)) + if (strlen(targetname) > XT_FUNCTION_MAXNAMELEN - 1) xtables_error(PARAMETER_PROBLEM, "Invalid target name `%s' (%u chars max)", - targetname, (unsigned int)sizeof(ip6t_chainlabel)-1); + targetname, XT_FUNCTION_MAXNAMELEN - 1); for (ptr = targetname; *ptr; ptr++) if (isspace(*ptr)) diff --git a/iptables-restore.c b/iptables-restore.c index 86d63e28..4a74485c 100644 --- a/iptables-restore.c +++ b/iptables-restore.c @@ -259,6 +259,12 @@ main(int argc, char *argv[]) exit(1); } + if (strlen(chain) > XT_FUNCTION_MAXNAMELEN - 1) + xtables_error(PARAMETER_PROBLEM, + "Invalid chain name `%s' " + "(%u chars max)", + chain, XT_FUNCTION_MAXNAMELEN - 1); + if (iptc_builtin(chain, handle) <= 0) { if (noflush && iptc_is_chain(chain, handle)) { DEBUGP("Flushing existing user defined chain '%s'\n", chain); @@ -460,10 +460,10 @@ parse_target(const char *targetname) xtables_error(PARAMETER_PROBLEM, "Invalid target name (too short)"); - if (strlen(targetname)+1 > sizeof(ipt_chainlabel)) + if (strlen(targetname) > XT_FUNCTION_MAXNAMELEN - 1) xtables_error(PARAMETER_PROBLEM, "Invalid target name `%s' (%u chars max)", - targetname, (unsigned int)sizeof(ipt_chainlabel)-1); + targetname, XT_FUNCTION_MAXNAMELEN - 1); for (ptr = targetname; *ptr; ptr++) if (isspace(*ptr)) @@ -545,6 +545,11 @@ xtables_find_match(const char *name, enum xtables_tryload tryload, struct xtables_match *ptr; const char *icmp6 = "icmp6"; + if (strlen(name) > XT_FUNCTION_MAXNAMELEN - 1) + xtables_error(PARAMETER_PROBLEM, + "Invalid match name \"%s\" (%u chars max)", + name, XT_FUNCTION_MAXNAMELEN - 1); + /* This is ugly as hell. Nonetheless, there is no way of changing * this without hurting backwards compatibility */ if ( (strcmp(name,"icmpv6") == 0) || |