From d0cbf5f34d3421064eb0fbbcdc6b90cda4e81f2d Mon Sep 17 00:00:00 2001
From: Jan Engelhardt <jengelh@medozas.de>
Date: Mon, 4 Aug 2008 12:51:01 +0200
Subject: iptables-restore: fix segmentation fault with -tanything

Reference: Debian bug #458042

iptables-restore must not pass a table into do_command. It checks for
"-t arg" and "--table arg", but not "-targ". (On a related note,
using -targ does not work as expected).

This should fail gracefully, but crashes:

	iptables-restore <(echo -e '*filter\n-A INPUT -tx\nCOMMIT')

And this should use table "filter", or perhaps raise an error, but
instead sets the table to (literally) "-tfilter":

	iptables -tfilter -A INPUT

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
 iptables.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

(limited to 'iptables.c')

diff --git a/iptables.c b/iptables.c
index bf3cbca2..41e18361 100644
--- a/iptables.c
+++ b/iptables.c
@@ -1764,7 +1764,7 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle)
 			if (invert)
 				exit_error(PARAMETER_PROBLEM,
 					   "unexpected ! flag before --table");
-			*table = argv[optind-1];
+			*table = optarg;
 			break;
 
 		case 'x':
@@ -1911,8 +1911,7 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle)
 				}
 				if (!m)
 					exit_error(PARAMETER_PROBLEM,
-						   "Unknown arg `%s'",
-						   argv[optind-1]);
+						   "Unknown arg `%s'", optarg);
 			}
 		}
 		invert = FALSE;
-- 
cgit v1.2.3