diff options
author | Phil Sutter <phil@nwl.cc> | 2023-07-21 19:40:30 +0200 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2023-07-28 11:50:59 +0200 |
commit | 4a2b2008fdf4df980433f99a6d8f2003f2005296 (patch) | |
tree | e7d603f7a276e1dd977f3a2c5ddc773c8c6918c2 /iptables/xtables-restore.c | |
parent | a2532c966659f386781a5757e0a1f42cb1d81573 (diff) |
*tables-restore: Enforce correct counters syntax if present
If '--counters' option was not given, restore parsers would ignore
anything following the policy word. Make them more strict, rejecting
anything in that spot which does not look like counter values even if
not restoring counters.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables/xtables-restore.c')
-rw-r--r-- | iptables/xtables-restore.c | 18 |
1 files changed, 8 insertions, 10 deletions
diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c index abe56374..23cd3498 100644 --- a/iptables/xtables-restore.c +++ b/iptables/xtables-restore.c @@ -166,19 +166,17 @@ static void xtables_restore_parse_line(struct nft_handle *h, xt_params->program_name, line); if (nft_chain_builtin_find(state->curtable, chain)) { - if (counters) { - char *ctrs; - ctrs = strtok(NULL, " \t\n"); + char *ctrs = strtok(NULL, " \t\n"); - if (!ctrs || !parse_counters(ctrs, &count)) - xtables_error(PARAMETER_PROBLEM, - "invalid policy counters for chain '%s'", - chain); - - } + if ((!ctrs && counters) || + (ctrs && !parse_counters(ctrs, &count))) + xtables_error(PARAMETER_PROBLEM, + "invalid policy counters for chain '%s'", + chain); if (cb->chain_set && cb->chain_set(h, state->curtable->name, - chain, policy, &count) < 0) { + chain, policy, + counters ? &count : NULL) < 0) { xtables_error(OTHER_PROBLEM, "Can't set policy `%s' on `%s' line %u: %s", policy, chain, line, |