From 5429b41c2bb4ac8fe672a1513a041c0ed0c241f6 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt <jengelh@medozas.de>
Date: Mon, 13 Sep 2010 15:45:15 +0200
Subject: iptables: limit chain name length to be consistent with targets

Creationg of chain names longer than the ones being able to jump to
should be inhibited for consistency.

References: http://marc.info/?l=netfilter-devel&m=128397022618316&w=2
Cc: Stig Thormodsrud <stig@vyatta.com>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 iptables.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'iptables.c')

diff --git a/iptables.c b/iptables.c
index 19f6d4fe..840dd3e5 100644
--- a/iptables.c
+++ b/iptables.c
@@ -1876,10 +1876,10 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
 
 	generic_opt_check(command, options);
 
-	if (chain && strlen(chain) > IPT_FUNCTION_MAXNAMELEN)
+	if (chain != NULL && strlen(chain) >= XT_EXTENSION_MAXNAMELEN)
 		xtables_error(PARAMETER_PROBLEM,
-			   "chain name `%s' too long (must be under %i chars)",
-			   chain, IPT_FUNCTION_MAXNAMELEN);
+			   "chain name `%s' too long (must be under %u chars)",
+			   chain, XT_EXTENSION_MAXNAMELEN);
 
 	/* only allocate handle if we weren't called with a handle */
 	if (!*handle)
-- 
cgit v1.2.3