diff options
| author | Phil Oester <kernel@linuxace.com> | 2014-01-23 22:06:58 -0800 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-01-29 20:16:08 +0100 |
| commit | f53b78e423d82b0c71c076480f52edeb5eaec5f8 (patch) | |
| tree | fe9ef0007cef1af50cb1c95d57cf72a9a9f7a088 | |
| parent | a0e224be48300b308a02f7bf898f0838463a7305 (diff) | |
iptables-xml: fix segfault if missing space after -A
As pointed out by Bernhard Reutner-Fischer, a malformed line fed to
iptables-xml such as the below with a missing space after the -A:
-APOSTROUTING -d 1.1.1.1/32 -p tcp -j MASQUERADE
causes a segfault. Patch attached.
This closes netfilter bugzilla #886.
Signed-off-by: Phil Oester <kernel@linuxace.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | iptables/iptables-xml.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/iptables/iptables-xml.c b/iptables/iptables-xml.c index 96284476..c7615abb 100644 --- a/iptables/iptables-xml.c +++ b/iptables/iptables-xml.c @@ -845,6 +845,11 @@ iptables_xml_main(int argc, char *argv[]) for (a = 0; a < newargc; a++) DEBUGP("argv[%u]: %s\n", a, newargv[a]); + if (!chain) { + fprintf(stderr, "%s: line %u failed - no chain found\n", + prog_name, line); + exit(1); + } needChain(chain);// Should we explicitly look for -A do_rule(pcnt, bcnt, newargc, newargv, newargvattr); |