diff options
author | Jan Engelhardt <jengelh@medozas.de> | 2008-08-04 12:51:01 +0200 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2008-08-04 12:51:01 +0200 |
commit | d0cbf5f34d3421064eb0fbbcdc6b90cda4e81f2d (patch) | |
tree | 1a271189fda828a4dbe4b89a8194d8d8c47444a9 /ip6tables.c | |
parent | 415a8580cc2b053687c197e8e25d606e8420c672 (diff) |
iptables-restore: fix segmentation fault with -tanything
Reference: Debian bug #458042
iptables-restore must not pass a table into do_command. It checks for
"-t arg" and "--table arg", but not "-targ". (On a related note,
using -targ does not work as expected).
This should fail gracefully, but crashes:
iptables-restore <(echo -e '*filter\n-A INPUT -tx\nCOMMIT')
And this should use table "filter", or perhaps raise an error, but
instead sets the table to (literally) "-tfilter":
iptables -tfilter -A INPUT
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'ip6tables.c')
-rw-r--r-- | ip6tables.c | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/ip6tables.c b/ip6tables.c index 2b053924..283a1c2d 100644 --- a/ip6tables.c +++ b/ip6tables.c @@ -1747,7 +1747,7 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle) if (invert) exit_error(PARAMETER_PROBLEM, "unexpected ! flag before --table"); - *table = argv[optind-1]; + *table = optarg; break; case 'x': @@ -1890,8 +1890,7 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle) if (!m) exit_error(PARAMETER_PROBLEM, - "Unknown arg `%s'", - argv[optind-1]); + "Unknown arg `%s'", optarg); } } invert = FALSE; |