author | Patrick McHardy <kaber@trash.net> | 2011-07-11 10:41:10 +0200 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2011-07-11 10:41:10 +0200 |
commit | 88e0a097c3f23dadf041b60445c6c9802c502f15 (patch) | |
tree | 1f1a4576b62c76d81fa2dc377ad5babd70729470 /iptables/xtables.c | |
parent | 795ea2e8d4d9f01a606d0d7aac22572801e06989 (diff) | |
parent | d22ceae71eaae9f641e002074fb49cd7925a7c2f (diff) |
Merge branch 'master' of git://dev.medozas.de/iptables
Diffstat (limited to 'iptables/xtables.c')
-rw-r--r-- | iptables/xtables.c | 76 |
1 files changed, 23 insertions, 53 deletions
diff --git a/iptables/xtables.c b/iptables/xtables.c
index c4b1c2a8..1a5e568c 100644
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -632,6 +632,7 @@ xtables_find_match(const char *name, enum xtables_tryload tryload,
 /* Second and subsequent clones */
 clone = xtables_malloc(sizeof(struct xtables_match));
 memcpy(clone, ptr, sizeof(struct xtables_match));
+ clone->udata = NULL;
 clone->mflags = 0;
 /* This is a clone: */
 clone->next = clone;
@@ -1299,7 +1300,7 @@ void xtables_ipparse_multiple(const char *name, struct in_addr **addrpp,
 struct in_addr **maskpp, unsigned int *naddrs)
 {
 struct in_addr *addrp;
- char buf[256], *p;
+ char buf[256], *p, *next;
 unsigned int len, i, j, n, count = 1;
 const char *loop = name;
@@ -1314,23 +1315,19 @@ void xtables_ipparse_multiple(const char *name, struct in_addr **addrpp,
 loop = name;
 for (i = 0; i < count; ++i) {
- if (loop == NULL)
- break;
- if (*loop == ',')
+ while (isspace(*loop))
 ++loop;
- if (*loop == '\0')
- break;
- p = strchr(loop, ',');
- if (p != NULL)
- len = p - loop;
+ next = strchr(loop, ',');
+ if (next != NULL)
+ len = next - loop;
 else
 len = strlen(loop);
- if (len == 0 || sizeof(buf) - 1 < len)
- break;
+ if (len > sizeof(buf) - 1)
+ xt_params->exit_err(PARAMETER_PROBLEM,
+ "Hostname too long");
 strncpy(buf, loop, len);
 buf[len] = '\0';
- loop += len;
 if ((p = strrchr(buf, '/')) != NULL) {
 *p = '\0';
 addrp = parse_ipmask(p + 1);
@@ -1368,6 +1365,9 @@ void xtables_ipparse_multiple(const char *name, struct in_addr **addrpp,
 }
 /* free what ipparse_hostnetwork had allocated: */
 free(addrp);
+ if (next == NULL)
+ break;
+ loop = next + 1;
 }
 *naddrs = count;
 for (i = 0; i < count; ++i)
@@ -1616,7 +1616,7 @@ xtables_ip6parse_multiple(const char *name, struct in6_addr **addrpp,
 {
 static const struct in6_addr zero_addr;
 struct in6_addr *addrp;
- char buf[256], *p;
+ char buf[256], *p, *next;
 unsigned int len, i, j, n, count = 1;
 const char *loop = name;
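Review bot: The added `clone->udata = NULL;` in xtables_find_match carries no comment saying why this one member must not be inherited from `ptr`. The clone is a byte copy made by `memcpy`, so any pointer member that is not reset stays shared between the original and the clone, which is how aliasing and double-free bugs usually arise. I would add `/* udata is per-instance; a clone must not alias the original's pointer */` above the assignment, assuming that is the intent, and confirm that no other pointer member copied by the `memcpy` needs the same reset. The function starts and ends outside the hunk.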
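Review bot: `isspace(*loop)` in the rewritten loop of xtables_ipparse_multiple passes a plain `char` from the caller-supplied `name` string, which is undefined behaviour for bytes above 0x7f on platforms where `char` is signed; write `while (isspace((unsigned char)*loop))`. The same line appears in the matching hunk of xtables_ip6parse_multiple. Two further things to confirm in both loops: the `len > sizeof(buf) - 1` guard protects the following `strncpy` only if `exit_err` never returns, and with the old `len == 0` break removed an empty list element (a doubled or trailing comma, say) is now copied as an empty string and handed to the address parser, which then has to reject it. Both functions continue outside the hunks shown.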
@@ -1631,23 +1631,19 @@ xtables_ip6parse_multiple(const char *name, struct in6_addr **addrpp,
 loop = name;
 for (i = 0; i < count /*NB: count can grow*/; ++i) {
- if (loop == NULL)
- break;
- if (*loop == ',')
+ while (isspace(*loop))
 ++loop;
- if (*loop == '\0')
- break;
- p = strchr(loop, ',');
- if (p != NULL)
- len = p - loop;
+ next = strchr(loop, ',');
+ if (next != NULL)
+ len = next - loop;
 else
 len = strlen(loop);
- if (len == 0 || sizeof(buf) - 1 < len)
- break;
+ if (len > sizeof(buf) - 1)
+ xt_params->exit_err(PARAMETER_PROBLEM,
+ "Hostname too long");
 strncpy(buf, loop, len);
 buf[len] = '\0';
- loop += len;
 if ((p = strrchr(buf, '/')) != NULL) {
 *p = '\0';
 addrp = parse_ip6mask(p + 1);
@@ -1681,6 +1677,9 @@ xtables_ip6parse_multiple(const char *name, struct in6_addr **addrpp,
 }
 /* free what ip6parse_hostnetwork had allocated: */
 free(addrp);
+ if (next == NULL)
+ break;
+ loop = next + 1;
 }
 *naddrs = count;
 for (i = 0; i < count; ++i)
@@ -1767,35 +1766,6 @@ void xtables_save_string(const char *value)
 }
 }
-/**
- * Check for option-intrapositional negation.
- * Do not use in new code.
- */
-int xtables_check_inverse(const char option[], int *invert,
- int *my_optind, int argc, char **argv)
-{
- if (option == NULL || strcmp(option, "!") != 0)
- return false;
-
- fprintf(stderr, "Using intrapositioned negation "
- "(`--option ! this`) is deprecated in favor of "
- "extrapositioned (`! --option this`).\n");
-
- if (*invert)
- xt_params->exit_err(PARAMETER_PROBLEM,
- "Multiple `!' flags not allowed");
- *invert = true;
- if (my_optind != NULL) {
- optarg = argv[*my_optind];
- ++*my_optind;
- if (argc && *my_optind > argc)
- xt_params->exit_err(PARAMETER_PROBLEM,
- "no argument following `!'");
- }
-
- return true;
-}
-
 const struct xtables_pprot xtables_chain_protos[] = {
 {"tcp", IPPROTO_TCP},
 {"sctp", IPPROTO_SCTP}, |