summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorIlles Marci <marci@balabit.hu>2003-03-03 08:05:07 +0000
committerHarald Welte <laforge@gnumonks.org>2003-03-03 08:05:07 +0000
commit26100fa186b9df8585a690e7efb3b13863efbe1f (patch)
treec121210c94bc6e6580b174cbf28656a42dc4ae61
parent9e78d17f27fa29cd198bf9728661d5a6c99b6fd5 (diff)
fix iptables-restore to not segfault on invalid input (Illes Marci <marci@balabit.hu>)
Diffstat
-rw-r--r--iptables-restore.c13
1 files changed, 8 insertions, 5 deletions
diff --git a/iptables-restore.c b/iptables-restore.c
index 65670f24..13dcd259 100644
--- a/iptables-restore.c
+++ b/iptables-restore.c
@@ -4,7 +4,7 @@
*
* This code is distributed under the terms of GNU GPL v2
*
- * $Id: iptables-restore.c,v 1.21 2002/05/29 13:08:15 laforge Exp $
+ * $Id: iptables-restore.c,v 1.22 2002/08/07 09:07:41 laforge Exp $
*/
#include <getopt.h>
@@ -106,6 +106,7 @@ int main(int argc, char *argv[])
char curtable[IPT_TABLE_MAXNAMELEN + 1];
FILE *in;
const char *modprobe = 0;
+ int in_table = 0;
program_name = "iptables-restore";
program_version = IPTABLES_VERSION;
@@ -161,10 +162,11 @@ int main(int argc, char *argv[])
else if (buffer[0] == '#') {
if (verbose) fputs(buffer, stdout);
continue;
- } else if (strcmp(buffer, "COMMIT\n") == 0) {
+ } else if ((strcmp(buffer, "COMMIT\n") == 0) && (in_table)) {
DEBUGP("Calling commit\n");
ret = iptc_commit(&handle);
- } else if (buffer[0] == '*') {
+ in_table = 0;
+ } else if ((buffer[0] == '*') && (!in_table)){
/* New table */
char *table;
@@ -192,8 +194,9 @@ int main(int argc, char *argv[])
}
ret = 1;
+ in_table = 1;
- } else if (buffer[0] == ':') {
+ } else if ((buffer[0] == ':') && (in_table)) {
/* New chain. */
char *policy, *chain;
@@ -252,7 +255,7 @@ int main(int argc, char *argv[])
ret = 1;
- } else {
+ } else if (in_table) {
int a;
char *ptr = buffer;
char *pcnt = NULL;
generated by cgit v1.2.3 (git 2.25.0) at 2025-02-22 16:53:59 +0000