diff options
author | Florian Westphal <fw@strlen.de> | 2012-05-10 05:42:47 +0000 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2012-05-14 10:40:25 +0200 |
commit | cb999dfdaf25d5a774d2ee84cb99355438d57c93 (patch) | |
tree | 89ae73d30bfc2f7be29c9e19dad5ce8719574442 | |
parent | 6111382a6c27e73c1cef1777c1253be0453a9dbb (diff) |
ip(6)tables-restore: make sure argv is NULL terminated
Else, argv[argc] may point to free'd memory.
Some extensions, e.g. rateest, may fail to parse valid input
because argv[optind] (with optind == argc) is not NULL.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | iptables/ip6tables-restore.c | 2 | ||||
-rw-r--r-- | iptables/iptables-restore.c | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/iptables/ip6tables-restore.c b/iptables/ip6tables-restore.c index 92bdc302..3894d68d 100644 --- a/iptables/ip6tables-restore.c +++ b/iptables/ip6tables-restore.c @@ -98,7 +98,7 @@ static int add_argv(char *what) { DEBUGP("add_argv: %s\n", what); if (what && newargc + 1 < ARRAY_SIZE(newargv)) { newargv[newargc] = strdup(what); - newargc++; + newargv[++newargc] = NULL; return 1; } else { xtables_error(PARAMETER_PROBLEM, diff --git a/iptables/iptables-restore.c b/iptables/iptables-restore.c index 6b1c7929..034f9606 100644 --- a/iptables/iptables-restore.c +++ b/iptables/iptables-restore.c @@ -97,7 +97,7 @@ static int add_argv(char *what) { DEBUGP("add_argv: %s\n", what); if (what && newargc + 1 < ARRAY_SIZE(newargv)) { newargv[newargc] = strdup(what); - newargc++; + newargv[++newargc] = NULL; return 1; } else { xtables_error(PARAMETER_PROBLEM, |