authorPatrick McHardy <kaber@trash.net>2006-01-12 09:12:47 +0000
committerPatrick McHardy <kaber@trash.net>2006-01-12 09:12:47 +0000
commit1d0f57c14ad5923d8ffcecc7f372fcc15b3945fa (patch)
tree0ca278d21d38405fef2dc4acbbeedc6b21e97412 /extensions/libipt_policy.c
parentcddae3dc37a6b6a5d523876a970ec0391c613ee3 (diff)
Don't allow using --next option without specifying a policy element
Diffstat (limited to 'extensions/libipt_policy.c')
-rw-r--r--extensions/libipt_policy.c9
1 files changed, 7 insertions, 2 deletions
diff --git a/extensions/libipt_policy.c b/extensions/libipt_policy.c
index 403b1b73..df4916d6 100644
--- a/extensions/libipt_policy.c
+++ b/extensions/libipt_policy.c
@@ -180,7 +180,7 @@ static int parse(int c, char **argv, int invert, unsigned int *flags,
if (e->match.spi)
exit_error(PARAMETER_PROBLEM,
"policy match: double --spi option");
-
+
e->match.spi = 1;
e->invert.spi = invert;
e->spi = strtol(argv[optind-1], NULL, 0x10);
@@ -232,7 +232,7 @@ static int parse(int c, char **argv, int invert, unsigned int *flags,
if (e->match.mode)
exit_error(PARAMETER_PROBLEM,
"policy match: double --mode option");
-
+
mode = parse_mode(argv[optind-1]);
e->match.mode = 1;
e->invert.mode = invert;
@@ -243,6 +243,11 @@ static int parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"policy match: can't invert --next option");
+ if (!(e->match.reqid || e->match.spi || e->match.saddr ||
+ e->match.daddr || e->match.proto || e->match.mode))
+ exit_error(PARAMETER_PROBLEM,
+ "policy match: --next without policy element specification");
+
if (++info->len == IPT_POLICY_MAX_ELEM)
exit_error(PARAMETER_PROBLEM,
"policy match: maximum policy depth reached");
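Review bot: The emptiness test added ahead of `++info->len` lists six `e->match` bits by hand, so an element that sets only a match field added later would be rejected as empty unless this list is updated with it. A one-line comment above the test would record the intent, e.g. `/* --next closes the current element; refuse to close one with no match bits set */`, and a small static helper taking `e` would keep the list in one place. The test also covers only the element that precedes `--next`. Whether the element following the last `--next` gets the same check (presumably in the final-check callback) is not visible here; if it does not, a rule ending in `--next` would still carry an empty element into the kernel match data. parse() begins and ends outside this hunk.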