iptables: limit chain name length to be consistent with targets

Creationg of chain names longer than the ones being able to jump to should be inhibited for consistency. References: http://marc.info/?l=netfilter-devel&m=128397022618316&w=2 Cc: Stig Thormodsrud <stig@vyatta.com> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
author: Jan Engelhardt <jengelh@medozas.de> 2010-09-13 15:45:15 +0200
committer: Jan Engelhardt <jengelh@medozas.de> 2010-09-13 15:50:44 +0200
commit: 5429b41c2bb4ac8fe672a1513a041c0ed0c241f6 (patch)
tree: 54f6b68059b6ca468660da6b424c59eeb9332b52 /iptables.c
parent: 0195836374cd195b13e0653ec9355a8ecd174313 (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/iptables.c b/iptables.c
index 19f6d4fe..840dd3e5 100644
--- a/iptables.c
+++ b/iptables.c
@@ -1876,10 +1876,10 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
 
 	generic_opt_check(command, options);
 
-	if (chain && strlen(chain) > IPT_FUNCTION_MAXNAMELEN)
+	if (chain != NULL && strlen(chain) >= XT_EXTENSION_MAXNAMELEN)
 		xtables_error(PARAMETER_PROBLEM,
-			   "chain name `%s' too long (must be under %i chars)",
-			   chain, IPT_FUNCTION_MAXNAMELEN);
+			   "chain name `%s' too long (must be under %u chars)",
+			   chain, XT_EXTENSION_MAXNAMELEN);
 
 	/* only allocate handle if we weren't called with a handle */
 	if (!*handle)
author	Jan Engelhardt <jengelh@medozas.de>	2010-09-13 15:45:15 +0200
committer	Jan Engelhardt <jengelh@medozas.de>	2010-09-13 15:50:44 +0200
commit	5429b41c2bb4ac8fe672a1513a041c0ed0c241f6 (patch)
tree	54f6b68059b6ca468660da6b424c59eeb9332b52 /iptables.c
parent	0195836374cd195b13e0653ec9355a8ecd174313 (diff)