diff options
author | Jan Engelhardt <jengelh@medozas.de> | 2011-01-07 12:26:59 +0100 |
---|---|---|
committer | Jan Engelhardt <jengelh@medozas.de> | 2011-01-08 01:58:45 +0100 |
commit | 5b1fecc7d017df093db7c667bcd1718e45b1df67 (patch) | |
tree | 6f9f1e5e9bc9454c698be3ab81a09d9bebf38e61 | |
parent | 7ac405297ec38449b30e3b05fd6bf2082fd3d803 (diff) |
iptables: abort on empty interface specification
Fiedler Roman brings to attention that if, in a faulty script,
"$some_variable" expands to an empty string, iptables should probably
catch this most likely undesired invocation. If no/all interfaces were
really desired, one can either omit -i completely, or use -i +.
References: http://marc.info/?l=netfilter&m=129439862903487&w=2
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
-rw-r--r-- | ip6tables.c | 8 | ||||
-rw-r--r-- | iptables.c | 8 |
2 files changed, 16 insertions, 0 deletions
diff --git a/ip6tables.c b/ip6tables.c index 84908ebf..b8449f6e 100644 --- a/ip6tables.c +++ b/ip6tables.c @@ -1573,6 +1573,10 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand case 'i': + if (*optarg == '\0') + xtables_error(PARAMETER_PROBLEM, + "Empty interface is likely to be " + "undesired"); xtables_check_inverse(optarg, &invert, &optind, argc, argv); set_option(&options, OPT_VIANAMEIN, &fw.ipv6.invflags, invert); @@ -1582,6 +1586,10 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand break; case 'o': + if (*optarg == '\0') + xtables_error(PARAMETER_PROBLEM, + "Empty interface is likely to be " + "undesired"); xtables_check_inverse(optarg, &invert, &optind, argc, argv); set_option(&options, OPT_VIANAMEOUT, &fw.ipv6.invflags, invert); @@ -1590,6 +1590,10 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle case 'i': + if (*optarg == '\0') + xtables_error(PARAMETER_PROBLEM, + "Empty interface is likely to be " + "undesired"); xtables_check_inverse(optarg, &invert, &optind, argc, argv); set_option(&options, OPT_VIANAMEIN, &fw.ip.invflags, invert); @@ -1599,6 +1603,10 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle break; case 'o': + if (*optarg == '\0') + xtables_error(PARAMETER_PROBLEM, + "Empty interface is likely to be " + "undesired"); xtables_check_inverse(optarg, &invert, &optind, argc, argv); set_option(&options, OPT_VIANAMEOUT, &fw.ip.invflags, invert); |