From 0acde1f28a576f5d4f2b51881555c31644940372 Mon Sep 17 00:00:00 2001 From: Martin Josefsson Date: Sat, 5 Jul 2003 20:11:11 +0000 Subject: fix rule deletion in modified libiptc (Martin Josefsson) --- libiptc/libiptc.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) (limited to 'libiptc') diff --git a/libiptc/libiptc.c b/libiptc/libiptc.c index e0cee2df..8636c8b0 100644 --- a/libiptc/libiptc.c +++ b/libiptc/libiptc.c @@ -1,4 +1,4 @@ -/* Library which manipulates firewall rules. Version $Revision: 1.38 $ */ +/* Library which manipulates firewall rules. Version $Revision: 1.40 $ */ /* Architecture of firewall rules is as follows: * @@ -471,16 +471,20 @@ correct_cache(TC_HANDLE_T h, unsigned int offset, int delta) if (delta < 0) { /* take care about deleted chains */ - if (cc->start_off >= offset+delta - && cc->end_off <= offset) { + if (cc->start_off > offset+delta + && cc->end_off < offset) { /* this chain is within the deleted range, * let's remove it from the cache */ void *start; unsigned int size; h->cache_num_chains--; - if (i+1 >= h->cache_num_chains) + + /* no need for memmove since we are + * removing the last entry */ + if (i >= h->cache_num_chains) continue; + start = &h->cache_chain_heads[i+1]; size = (h->cache_num_chains-i) * sizeof(struct chain_cache); @@ -943,7 +947,7 @@ delete_rules(unsigned int num_rules, unsigned int rules_size, (*handle)->entries.size -= rules_size; /* Fix the chain cache */ - if (!correct_cache(*handle, offset, -(int)rules_size)) + if (!correct_cache(*handle, offset+rules_size, -(int)rules_size)) return 0; return set_verdict(offset, -(int)rules_size, handle); -- cgit v1.2.3