summaryrefslogtreecommitdiffstats
path: root/iptables/xtables-restore.c
diff options
context:
space:
mode:
Diffstat (limited to 'iptables/xtables-restore.c')
-rw-r--r--iptables/xtables-restore.c14
1 files changed, 9 insertions, 5 deletions
diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
index 2f0fe7d4..fb2ac8b5 100644
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -281,7 +281,7 @@ void xtables_restore_parse(struct nft_handle *h,
const struct nft_xt_restore_parse *p)
{
struct nft_xt_restore_state state = {};
- char preload_buffer[PREBUFSIZ] = {}, buffer[10240], *ptr;
+ char preload_buffer[PREBUFSIZ] = {}, buffer[10240] = {}, *ptr;
if (!h->noflush) {
nft_fake_cache(h);
@@ -293,11 +293,13 @@ void xtables_restore_parse(struct nft_handle *h,
while (fgets(buffer, sizeof(buffer), p->in)) {
size_t blen = strlen(buffer);
- /* drop trailing newline; xtables_restore_parse_line()
+ /* Drop trailing newline; xtables_restore_parse_line()
* uses strtok() which replaces them by nul-characters,
* causing unpredictable string delimiting in
- * preload_buffer */
- if (buffer[blen - 1] == '\n')
+ * preload_buffer.
+ * Unless this is an empty line which would fold into a
+ * spurious EoB indicator (double nul-char). */
+ if (buffer[blen - 1] == '\n' && blen > 1)
buffer[blen - 1] = '\0';
else
blen++;
@@ -327,10 +329,12 @@ void xtables_restore_parse(struct nft_handle *h,
line = 0;
ptr = preload_buffer;
while (*ptr) {
+ size_t len = strlen(ptr);
+
h->error.lineno = ++line;
DEBUGP("%s: buffered line %d: '%s'\n", __func__, line, ptr);
xtables_restore_parse_line(h, p, &state, ptr);
- ptr += strlen(ptr) + 1;
+ ptr += len + 1;
}
if (*buffer) {
h->error.lineno = ++line;