Diffstat (limited to 'extensions/libip6t_policy.c')
-rw-r--r-- | extensions/libip6t_policy.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/extensions/libip6t_policy.c b/extensions/libip6t_policy.c
index c3f77020..189ca6e1 100644
--- a/extensions/libip6t_policy.c
+++ b/extensions/libip6t_policy.c
@@ -220,7 +220,7 @@ static int parse(int c, char **argv, int invert, unsigned int *flags,
 if (e->match.spi)
 exit_error(PARAMETER_PROBLEM,
 "policy match: double --spi option");
-
+
 e->match.spi = 1;
 e->invert.spi = invert;
 e->spi = strtol(argv[optind-1], NULL, 0x10);
@@ -272,7 +272,7 @@ static int parse(int c, char **argv, int invert, unsigned int *flags,
 if (e->match.mode)
 exit_error(PARAMETER_PROBLEM,
 "policy match: double --mode option");
-
+
 mode = parse_mode(argv[optind-1]);
 e->match.mode = 1;
 e->invert.mode = invert;
@@ -283,6 +283,11 @@ static int parse(int c, char **argv, int invert, unsigned int *flags,
 exit_error(PARAMETER_PROBLEM,
 "policy match: can't invert --next option");
+ if (!(e->match.reqid || e->match.spi || e->match.saddr ||
+ e->match.daddr || e->match.proto || e->match.mode))
+ exit_error(PARAMETER_PROBLEM,
+ "policy match: --next without policy element specification");
+
 if (++info->len == IP6T_POLICY_MAX_ELEM)
 exit_error(PARAMETER_PROBLEM,
 "policy match: maximum policy depth reached"); |
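Review bot: The emptiness test added in the third hunk (`@@ -283,6 +283,11 @@`) runs only while `--next` is being parsed, so the last element of a policy, the one not followed by `--next`, never passes through it. Unless the final validation, which this diff does not show, applies the same six-field test, a rule that ends in a bare `--next` still leaves a trailing element with no selectors set, which presumably matches more broadly than the rule author intended. Moving the `reqid`/`spi`/`saddr`/`daddr`/`proto`/`mode` test into one small static helper that takes `e` would let both places share it and stay in sync when a field is added. The check also deserves a one-line comment such as `/* refuse an element with no selectors before advancing to the next one */`. The body of `parse` starts and ends outside the hunk, so how `e` is derived from `info->len` is not visible here.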