Diffstat (limited to 'iptables')
-rw-r--r-- | iptables/ip6tables.c | 5 | ||||
-rw-r--r-- | iptables/iptables.c | 5 | ||||
-rw-r--r-- | iptables/xtables.c | 76 |
3 files changed, 23 insertions, 63 deletions
diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c index d13744ca..04e5224f 100644 --- a/iptables/ip6tables.c +++ b/iptables/ip6tables.c @@ -1536,7 +1536,6 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand * Option selection */ case 'p': - xtables_check_inverse(optarg, &cs.invert, &optind, argc, argv); set_option(&cs.options, OPT_PROTOCOL, &cs.fw6.ipv6.invflags, cs.invert); @@ -1562,14 +1561,12 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand break; case 's': - xtables_check_inverse(optarg, &cs.invert, &optind, argc, argv); set_option(&cs.options, OPT_SOURCE, &cs.fw6.ipv6.invflags, cs.invert); shostnetworkmask = optarg; break; case 'd': - xtables_check_inverse(optarg, &cs.invert, &optind, argc, argv); set_option(&cs.options, OPT_DESTINATION, &cs.fw6.ipv6.invflags, cs.invert); dhostnetworkmask = optarg; @@ -1594,7 +1591,6 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand xtables_error(PARAMETER_PROBLEM, "Empty interface is likely to be " "undesired"); - xtables_check_inverse(optarg, &cs.invert, &optind, argc, argv); set_option(&cs.options, OPT_VIANAMEIN, &cs.fw6.ipv6.invflags, cs.invert); xtables_parse_interface(optarg, @@ -1607,7 +1603,6 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand xtables_error(PARAMETER_PROBLEM, "Empty interface is likely to be " "undesired"); - xtables_check_inverse(optarg, &cs.invert, &optind, argc, argv); set_option(&cs.options, OPT_VIANAMEOUT, &cs.fw6.ipv6.invflags, cs.invert); xtables_parse_interface(optarg, diff --git a/iptables/iptables.c b/iptables/iptables.c index 6ceaf6b8..50dc1e7a 100644 --- a/iptables/iptables.c +++ b/iptables/iptables.c 
@@ -1566,7 +1566,6 @@ int do_command4(int argc, char *argv[], char **table, struct iptc_handle **handl * Option selection */ case 'p': - xtables_check_inverse(optarg, &cs.invert, &optind, argc, argv); set_option(&cs.options, OPT_PROTOCOL, &cs.fw.ip.invflags, cs.invert); @@ -1584,14 +1583,12 @@ int do_command4(int argc, char *argv[], char **table, struct iptc_handle **handl break; case 's': - xtables_check_inverse(optarg, &cs.invert, &optind, argc, argv); set_option(&cs.options, OPT_SOURCE, &cs.fw.ip.invflags, cs.invert); shostnetworkmask = optarg; break; case 'd': - xtables_check_inverse(optarg, &cs.invert, &optind, argc, argv); set_option(&cs.options, OPT_DESTINATION, &cs.fw.ip.invflags, cs.invert); dhostnetworkmask = optarg; @@ -1616,7 +1613,6 @@ int do_command4(int argc, char *argv[], char **table, struct iptc_handle **handl xtables_error(PARAMETER_PROBLEM, "Empty interface is likely to be " "undesired"); - xtables_check_inverse(optarg, &cs.invert, &optind, argc, argv); set_option(&cs.options, OPT_VIANAMEIN, &cs.fw.ip.invflags, cs.invert); xtables_parse_interface(optarg, @@ -1629,7 +1625,6 @@ int do_command4(int argc, char *argv[], char **table, struct iptc_handle **handl xtables_error(PARAMETER_PROBLEM, "Empty interface is likely to be " "undesired"); - xtables_check_inverse(optarg, &cs.invert, &optind, argc, argv); set_option(&cs.options, OPT_VIANAMEOUT, &cs.fw.ip.invflags, cs.invert); xtables_parse_interface(optarg, diff --git a/iptables/xtables.c b/iptables/xtables.c index c4b1c2a8..1a5e568c 100644 --- a/iptables/xtables.c +++ b/iptables/xtables.c @@ -632,6 +632,7 @@ xtables_find_match(const char *name, enum xtables_tryload tryload, /* Second and subsequent clones */ clone = xtables_malloc(sizeof(struct xtables_match)); memcpy(clone, ptr, sizeof(struct xtables_match)); + clone->udata = NULL; clone->mflags = 0; /* This is a clone: */ clone->next = clone; 
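Review bot: The added `clone->udata = NULL;` in the xtables_find_match hunk has no comment saying why the clone must not keep the pointer that the preceding `memcpy` copied from the original. A short comment such as `/* per-instance data: a clone must not alias the original's udata */` would record the intent, since a shared pointer would presumably be written or freed by both instances. Where udata is allocated and released is not visible in this diff, so the ownership rule should be confirmed there. The function body starts and ends outside the hunk.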
@@ -1299,7 +1300,7 @@ void xtables_ipparse_multiple(const char *name, struct in_addr **addrpp, struct in_addr **maskpp, unsigned int *naddrs) { struct in_addr *addrp; - char buf[256], *p; + char buf[256], *p, *next; unsigned int len, i, j, n, count = 1; const char *loop = name; @@ -1314,23 +1315,19 @@ void xtables_ipparse_multiple(const char *name, struct in_addr **addrpp, loop = name; for (i = 0; i < count; ++i) { - if (loop == NULL) - break; - if (*loop == ',') + while (isspace(*loop)) ++loop; - if (*loop == '\0') - break; - p = strchr(loop, ','); - if (p != NULL) - len = p - loop; + next = strchr(loop, ','); + if (next != NULL) + len = next - loop; else len = strlen(loop); - if (len == 0 || sizeof(buf) - 1 < len) - break; + if (len > sizeof(buf) - 1) + xt_params->exit_err(PARAMETER_PROBLEM, + "Hostname too long"); strncpy(buf, loop, len); buf[len] = '\0'; - loop += len; if ((p = strrchr(buf, '/')) != NULL) { *p = '\0'; addrp = parse_ipmask(p + 1); @@ -1368,6 +1365,9 @@ void xtables_ipparse_multiple(const char *name, struct in_addr **addrpp, } /* free what ipparse_hostnetwork had allocated: */ free(addrp); + if (next == NULL) + break; + loop = next + 1; } *naddrs = count; for (i = 0; i < count; ++i) @@ -1616,7 +1616,7 @@ xtables_ip6parse_multiple(const char *name, struct in6_addr **addrpp, { static const struct in6_addr zero_addr; struct in6_addr *addrp; - char buf[256], *p; + char buf[256], *p, *next; unsigned int len, i, j, n, count = 1; const char *loop = name; 
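Review bot: In the rewritten loop of xtables_ipparse_multiple, `while (isspace(*loop))` passes a plain `char` to isspace(), which is undefined for negative values when `char` is signed and the command-line argument holds a byte above 0x7f; the call should be `while (isspace((unsigned char)*loop))`. The same line is added in the xtables_ip6parse_multiple hunk. The `strncpy(buf, loop, len)` that follows stays inside `buf` only if `xt_params->exit_err` never returns; its declaration is not visible here, so that guarantee should be confirmed or the bound enforced locally. With the `len == 0` test removed, an empty element (for example after a trailing comma) now reaches the host parser as an empty string, and whether that is rejected depends on code outside this diff. Both function bodies start and end outside these hunks.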
@@ -1631,23 +1631,19 @@ xtables_ip6parse_multiple(const char *name, struct in6_addr **addrpp, loop = name; for (i = 0; i < count /*NB: count can grow*/; ++i) { - if (loop == NULL) - break; - if (*loop == ',') + while (isspace(*loop)) ++loop; - if (*loop == '\0') - break; - p = strchr(loop, ','); - if (p != NULL) - len = p - loop; + next = strchr(loop, ','); + if (next != NULL) + len = next - loop; else len = strlen(loop); - if (len == 0 || sizeof(buf) - 1 < len) - break; + if (len > sizeof(buf) - 1) + xt_params->exit_err(PARAMETER_PROBLEM, + "Hostname too long"); strncpy(buf, loop, len); buf[len] = '\0'; - loop += len; if ((p = strrchr(buf, '/')) != NULL) { *p = '\0'; addrp = parse_ip6mask(p + 1); @@ -1681,6 +1677,9 @@ xtables_ip6parse_multiple(const char *name, struct in6_addr **addrpp, } /* free what ip6parse_hostnetwork had allocated: */ free(addrp); + if (next == NULL) + break; + loop = next + 1; } *naddrs = count; for (i = 0; i < count; ++i) @@ -1767,35 +1766,6 @@ void xtables_save_string(const char *value) } } -/** - * Check for option-intrapositional negation. - * Do not use in new code. - */ -int xtables_check_inverse(const char option[], int *invert, - int *my_optind, int argc, char **argv) -{ - if (option == NULL || strcmp(option, "!") != 0) - return false; - - fprintf(stderr, "Using intrapositioned negation " - "(`--option ! this`) is deprecated in favor of " - "extrapositioned (`! --option this`).\n"); - - if (*invert) - xt_params->exit_err(PARAMETER_PROBLEM, - "Multiple `!' flags not allowed"); - *invert = true; - if (my_optind != NULL) { - optarg = argv[*my_optind]; - ++*my_optind; - if (argc && *my_optind > argc) - xt_params->exit_err(PARAMETER_PROBLEM, - "no argument following `!'"); - } - - return true; -} - const struct xtables_pprot xtables_chain_protos[] = { {"tcp", IPPROTO_TCP}, {"sctp", IPPROTO_SCTP}, |