path: root/src/erec.c
diff options
authorPhil Sutter <>2018-04-10 19:00:20 +0200
committerPablo Neira Ayuso <>2018-04-11 09:57:28 +0200
commit2b3f18e0cf7a7914b500cf17cc47e5bddb9d6848 (patch)
treea06a723c5e218908d76b44b9118d18c04394805a /src/erec.c
parent5b10dbb6ccba10cfe57facc499c30b48e32a146a (diff)
libnftables: Fix for input without trailing newline
Input parser implementation requires a newline at end of input, otherwise the last pattern may not be recognized correctly. If input comes from a file, the culprit was YY_INPUT macro not expecting the last line not ending with a newline, so the last word wasn't accepted. This is easily fixed by checking for feof(yyin) in there. A simple test case for that is: | echo -en "table ip t {\nchain c {\n}\n}" >/tmp/foo | nft -f /tmp/foo Input from a string buffer is a bit more tricky: The culprit here is that detection of classid pattern is done by checking the character following it which makes it impossible to sit right at end of input and I haven't found an alternative to that. After dropping the manual newline appending when combining argv into a single buffer in main(), a rule like this won't be recognized anymore: | nft add rule ip t c meta priority feed:babe Since a direct call to run_cmd_from_buffer() via libnftables bypasses the sanitizing done in main() entirely, it has to happen in libnftables instead which means creating a newline-terminated duplicate of the input buffer. Note that main() created a buffer one byte longer than needed since it accounts for whitespace at end of each argv but doesn't add it to the buffer for the last one, so buffer length is reduced by two bytes instead of just one although only one less character is printed into it. Signed-off-by: Phil Sutter <> Signed-off-by: Pablo Neira Ayuso <>
Diffstat (limited to 'src/erec.c')
0 files changed, 0 insertions, 0 deletions