From 4e470fa34761085144640fb561a9ad26b2cde382 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Tue, 22 Oct 2019 12:25:28 +0200 Subject: xtables-restore: Unbreak *tables-restore Commit 3dc433b55bbfa ("xtables-restore: Fix --table parameter check") installed an error check which evaluated true in all cases as all callers of do_command callbacks pass a pointer to a table name already. Attached test case passed as it tested error condition only. Fix the whole mess by introducing a boolean to indicate whether a table parameter was seen already. Extend the test case to cover positive as well as negative behaviour and to test ebtables-restore and ip6tables-restore as well. Also add the required checking code to the latter since the original commit missed it. Fixes: 3dc433b55bbfa ("xtables-restore: Fix --table parameter check") Signed-off-by: Phil Sutter Acked-by: Pablo Neira Ayuso --- iptables/xtables-eb.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'iptables/xtables-eb.c') diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c index aa754d79..fd7d601f 100644 --- a/iptables/xtables-eb.c +++ b/iptables/xtables-eb.c @@ -780,6 +780,7 @@ int do_commandeb(struct nft_handle *h, int argc, char *argv[], char **table, int selected_chain = -1; struct xtables_rule_match *xtrm_i; struct ebt_match *match; + bool table_set = false; /* prevent getopt to spoil our error reporting */ optind = 0; @@ -947,7 +948,7 @@ print_zero: break; case 't': /* Table */ ebt_check_option2(&flags, OPT_TABLE); - if (restore && *table) + if (restore && table_set) xtables_error(PARAMETER_PROBLEM, "The -t option (seen in line %u) cannot be used in %s.\n", line, xt_params->program_name); @@ -956,6 +957,7 @@ print_zero: "Table name length cannot exceed %d characters", EBT_TABLE_MAXNAMELEN - 1); *table = optarg; + table_set = true; break; case 'i': /* Input interface */ case 2 : /* Logical input interface */ -- cgit v1.2.3