From 1d0f57c14ad5923d8ffcecc7f372fcc15b3945fa Mon Sep 17 00:00:00 2001
From: Patrick McHardy
Date: Thu, 12 Jan 2006 09:12:47 +0000
Subject: Don't allow using --next option without specifying a policy element
---
 extensions/libip6t_policy.c | 9 +++++++--
 extensions/libipt_policy.c | 9 +++++++--
 2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/extensions/libip6t_policy.c b/extensions/libip6t_policy.c
index c3f77020..189ca6e1 100644
--- a/extensions/libip6t_policy.c
+++ b/extensions/libip6t_policy.c
@@ -220,7 +220,7 @@ static int parse(int c, char **argv, int invert, unsigned int *flags,
 if (e->match.spi)
 exit_error(PARAMETER_PROBLEM,
 "policy match: double --spi option");
-
+
 e->match.spi = 1;
 e->invert.spi = invert;
 e->spi = strtol(argv[optind-1], NULL, 0x10);
@@ -272,7 +272,7 @@ static int parse(int c, char **argv, int invert, unsigned int *flags,
 if (e->match.mode)
 exit_error(PARAMETER_PROBLEM,
 "policy match: double --mode option");
-
+
 mode = parse_mode(argv[optind-1]);
 e->match.mode = 1;
 e->invert.mode = invert;
@@ -283,6 +283,11 @@ static int parse(int c, char **argv, int invert, unsigned int *flags,
 exit_error(PARAMETER_PROBLEM,
 "policy match: can't invert --next option");
 
+ if (!(e->match.reqid || e->match.spi || e->match.saddr ||
+ e->match.daddr || e->match.proto || e->match.mode))
+ exit_error(PARAMETER_PROBLEM,
+ "policy match: --next without policy element specification");
+
 if (++info->len == IP6T_POLICY_MAX_ELEM)
 exit_error(PARAMETER_PROBLEM,
 "policy match: maximum policy depth reached");
diff --git a/extensions/libipt_policy.c b/extensions/libipt_policy.c
index 403b1b73..df4916d6 100644
--- a/extensions/libipt_policy.c
+++ b/extensions/libipt_policy.c
@@ -180,7 +180,7 @@ static int parse(int c, char **argv, int invert, unsigned int *flags,
 if (e->match.spi)
 exit_error(PARAMETER_PROBLEM,
 "policy match: double --spi option");
-
+
 e->match.spi = 1;
 e->invert.spi = invert;
 e->spi = strtol(argv[optind-1], NULL, 0x10);
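Review bot: The emptiness test added to the `--next` branch of extensions/libip6t_policy.c (hunk `@@ -283,6 +283,11 @@`) covers only the element that `--next` closes, so the element it opens is never checked here. A command line that ends in `--next` still leaves a trailing element with no match bits set unless `final_check` (not visible in this diff) rejects it. An element with no fields set presumably puts no constraint on the matched transform, which would make the rule broader than intended, so it is worth confirming the last element gets the same test. The six-flag condition would be easier to keep in sync as a small static helper per file, e.g. `policy_elem_is_empty(e)`, with a one-line comment saying why an empty element is refused. The same applies to the identical hunk `@@ -243,6 +243,11 @@` in extensions/libipt_policy.c; `parse()` starts and ends outside both hunks.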
@@ -232,7 +232,7 @@ static int parse(int c, char **argv, int invert, unsigned int *flags,
 if (e->match.mode)
 exit_error(PARAMETER_PROBLEM,
 "policy match: double --mode option");
-
+
 mode = parse_mode(argv[optind-1]);
 e->match.mode = 1;
 e->invert.mode = invert;
@@ -243,6 +243,11 @@ static int parse(int c, char **argv, int invert, unsigned int *flags,
 exit_error(PARAMETER_PROBLEM,
 "policy match: can't invert --next option");
 
+ if (!(e->match.reqid || e->match.spi || e->match.saddr ||
+ e->match.daddr || e->match.proto || e->match.mode))
+ exit_error(PARAMETER_PROBLEM,
+ "policy match: --next without policy element specification");
+
 if (++info->len == IPT_POLICY_MAX_ELEM)
 exit_error(PARAMETER_PROBLEM,
 "policy match: maximum policy depth reached");
-- 
cgit v1.2.3