author | Jan Engelhardt <jengelh@medozas.de> | 2010-03-16 16:49:21 +0100 |
---|---|---|
committer | Jan Engelhardt <jengelh@medozas.de> | 2010-03-16 17:54:26 +0100 |
commit | 21d1283750d9c4df7ca80165d2b9dc0b9bd214eb (patch) | |
tree | 6dd5e4f1cd7a0082ecc59e14fa411ebe73063668 /ip6tables-restore.c | |
parent | 89b6c32f88be47e83c3f6e7f8fee812088cb8c22 (diff) |
iptables: correctly check for too-long chain/target/match names
* iptables-restore was not checking for chain name length
* iptables was not checking for match name length
* target length was checked against 32, not 29.
References: http://bugzilla.netfilter.org/show_bug.cgi?id=641
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Diffstat (limited to 'ip6tables-restore.c')
-rw-r--r-- | ip6tables-restore.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/ip6tables-restore.c b/ip6tables-restore.c index d0efbeed..f0725d1e 100644 --- a/ip6tables-restore.c +++ b/ip6tables-restore.c @@ -253,6 +253,12 @@ int main(int argc, char *argv[]) exit(1); } + if (strlen(chain) > XT_FUNCTION_MAXNAMELEN - 1) + xtables_error(PARAMETER_PROBLEM, + "Invalid chain name `%s' " + "(%u chars max)", + chain, XT_FUNCTION_MAXNAMELEN - 1); + if (ip6tc_builtin(chain, handle) <= 0) { if (noflush && ip6tc_is_chain(chain, handle)) { DEBUGP("Flushing existing user defined chain '%s'\n", chain); |
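Review bot: In the added `xtables_error` call, `%u` is paired with `XT_FUNCTION_MAXNAMELEN - 1`, which is a signed `int` expression if the macro expands to a plain integer constant; use `%d` or cast the argument to `unsigned int` so the variadic call is well-typed. The bound `XT_FUNCTION_MAXNAMELEN - 1` is written twice, once in the `strlen(chain)` comparison and once as the message argument, so a named constant or a small shared helper would keep the enforced limit and the reported maximum from drifting apart, and would let the iptables-restore side named in the commit message reuse the same check. The message also gives no indication of which line of the restore input carried the over-long chain name; if a line counter is in scope at this point in `main()`, including it would make a large ruleset file easier to correct.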