author | Dmitry V. Levin <ldv@altlinux.org> | 2010-05-14 13:24:51 +0200 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2010-05-14 13:24:51 +0200 |
commit | 84d758b3bc3121a5603261699c474f64672ef9f6 (patch) | |
tree | ffc29bb21e054a86c8f0f0125cb359aac7daa1fb | |
parent | 967cb7106f0f61cd7b8fbb10bc2451a3f7372a43 (diff) |
extensions: REDIRECT: fix --to-ports parser
Rewrite port range validator to use xtables_strtoui() and
xtables_param_act(). Original check failed to recognize
several types of port range errors, including:
"-1", "-1a", "-1-a", "a-1", "1a-2", "1-2a", etc.
Also, original parser erroneously denied using port 0,
which is now allowed.
Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
-rw-r--r-- | extensions/libipt_REDIRECT.c | 40 |
1 files changed, 18 insertions, 22 deletions
diff --git a/extensions/libipt_REDIRECT.c b/extensions/libipt_REDIRECT.c index d39f0bd6..3dfcadfc 100644 --- a/extensions/libipt_REDIRECT.c +++ b/extensions/libipt_REDIRECT.c @@ -39,40 +39,36 @@ static void REDIRECT_init(struct xt_entry_target *t) static void parse_ports(const char *arg, struct nf_nat_multi_range *mr) { - const char *dash; - int port; + char *end; + unsigned int port, maxport; mr->range[0].flags |= IP_NAT_RANGE_PROTO_SPECIFIED; - if (strchr(arg, '.')) - xtables_error(PARAMETER_PROBLEM, "IP address not permitted\n"); + if (!xtables_strtoui(arg, &end, &port, 0, UINT16_MAX) && + (port = xtables_service_to_port(arg, NULL)) == (unsigned)-1) + xtables_param_act(XTF_BAD_VALUE, "REDIRECT", "--to-ports", arg); - port = atoi(arg); - if (port == 0) - port = xtables_service_to_port(arg, NULL); - - if (port == 0 || port > 65535) - xtables_error(PARAMETER_PROBLEM, "Port \"%s\" not valid\n", arg); - - dash = strchr(arg, '-'); - if (!dash) { + switch (*end) { + case '\0': mr->range[0].min.tcp.port = mr->range[0].max.tcp.port = htons(port); - } else { - int maxport; + return; + case '-': + if (!xtables_strtoui(end + 1, NULL, &maxport, 0, UINT16_MAX) && + (maxport = xtables_service_to_port(end + 1, NULL)) == (unsigned)-1) + break; - maxport = atoi(dash + 1); - if (maxport == 0 || maxport > 65535) - xtables_error(PARAMETER_PROBLEM, - "Port `%s' not valid\n", dash+1); if (maxport < port) - /* People are stupid. */ - xtables_error(PARAMETER_PROBLEM, - "Port range `%s' funky\n", arg); + break; + mr->range[0].min.tcp.port = htons(port); mr->range[0].max.tcp.port = htons(maxport); + return; + default: + break; } + xtables_param_act(XTF_BAD_VALUE, "REDIRECT", "--to-ports", arg); } static int REDIRECT_parse(int c, char **argv, int invert, unsigned int *flags, |
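Review bot: `end` is declared without an initializer in parse_ports(), yet `switch (*end)` dereferences it even when `xtables_strtoui()` returned false and `xtables_service_to_port()` accepted the argument, as it would for a bare service name. Whether `xtables_strtoui()` stores through `end` on failure is not visible in this hunk; if it does not, the switch reads an indeterminate pointer, which is undefined behaviour in a tool that normally runs with root privileges. Initialising the pointer to an empty string, `char *end = "";`, makes that path land in `case '\0'` and treat the service name as a single port. A one-line comment on the declaration explaining why it is initialised would keep the fix from being dropped in a later cleanup.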