summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorArturo Borrero <arturo.borrero.glez@gmail.com>2015-01-05 15:28:46 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2015-01-06 22:17:43 +0100
commitbc543af074cf4372162eb330b914d2b0fdb6b6c7 (patch)
tree0b69246b0ee8579c88ef553ffc3611578d860b73
parent42cfeee024d0ba0c6b15645f829273ee3dcfa5c6 (diff)
ebtables-compat: fix segfault in rules w/o target
This patch fixes a segfault in rules without target. Now, these two rules are allowed: % ebtables-compat -A FORWARD -p 0x0600 -j CONTINUE % ebtables-compat -A FORWARD -p 0x0600 And both are printed: Bridge chain: FORWARD, entries: 1, policy: ACCEPT -p 0x600 -j CONTINUE Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--iptables/nft-bridge.c11
1 files changed, 8 insertions, 3 deletions
diff --git a/iptables/nft-bridge.c b/iptables/nft-bridge.c
index 90bcd63d..fd9554eb 100644
--- a/iptables/nft-bridge.c
+++ b/iptables/nft-bridge.c
@@ -114,6 +114,9 @@ static int _add_action(struct nft_rule *r, struct ebtables_command_state *cs)
{
int ret = 0;
+ if (cs->jumpto == NULL || strcmp(cs->jumpto, "CONTINUE") == 0)
+ return 0;
+
/* If no target at all, add nothing (default to continue) */
if (cs->target != NULL) {
/* Standard target? */
@@ -452,14 +455,16 @@ static void nft_bridge_print_firewall(struct nft_rule *r, unsigned int num,
}
printf("-j ");
- if (!(format & FMT_NOTARGET))
- printf("%s", cs.jumpto);
-
if (cs.target != NULL) {
if (cs.target->print != NULL) {
cs.target->print(&cs.fw, cs.target->t,
format & FMT_NUMERIC);
}
+ } else {
+ if (strcmp(cs.jumpto, "") == 0)
+ printf("CONTINUE");
+ else
+ printf("%s", cs.jumpto);
}
if (!(format & FMT_NOCOUNTS))