diff options
author | Jan Engelhardt <jengelh@medozas.de> | 2010-09-13 15:45:15 +0200 |
---|---|---|
committer | Jan Engelhardt <jengelh@medozas.de> | 2010-09-13 15:50:44 +0200 |
commit | 5429b41c2bb4ac8fe672a1513a041c0ed0c241f6 (patch) | |
tree | 54f6b68059b6ca468660da6b424c59eeb9332b52 | |
parent | 0195836374cd195b13e0653ec9355a8ecd174313 (diff) |
iptables: limit chain name length to be consistent with targets
Creationg of chain names longer than the ones being able to jump to
should be inhibited for consistency.
References: http://marc.info/?l=netfilter-devel&m=128397022618316&w=2
Cc: Stig Thormodsrud <stig@vyatta.com>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
-rw-r--r-- | ip6tables.c | 6 | ||||
-rw-r--r-- | iptables.c | 6 |
2 files changed, 6 insertions, 6 deletions
diff --git a/ip6tables.c b/ip6tables.c index 6c5d124c..15067da2 100644 --- a/ip6tables.c +++ b/ip6tables.c @@ -1838,10 +1838,10 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand generic_opt_check(command, options); - if (chain && strlen(chain) > IP6T_FUNCTION_MAXNAMELEN) + if (chain != NULL && strlen(chain) >= XT_EXTENSION_MAXNAMELEN) xtables_error(PARAMETER_PROBLEM, - "chain name `%s' too long (must be under %i chars)", - chain, IP6T_FUNCTION_MAXNAMELEN); + "chain name `%s' too long (must be under %u chars)", + chain, XT_EXTENSION_MAXNAMELEN); /* only allocate handle if we weren't called with a handle */ if (!*handle) @@ -1876,10 +1876,10 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle generic_opt_check(command, options); - if (chain && strlen(chain) > IPT_FUNCTION_MAXNAMELEN) + if (chain != NULL && strlen(chain) >= XT_EXTENSION_MAXNAMELEN) xtables_error(PARAMETER_PROBLEM, - "chain name `%s' too long (must be under %i chars)", - chain, IPT_FUNCTION_MAXNAMELEN); + "chain name `%s' too long (must be under %u chars)", + chain, XT_EXTENSION_MAXNAMELEN); /* only allocate handle if we weren't called with a handle */ if (!*handle) |