authorJan Engelhardt <jengelh@medozas.de>2011-01-07 12:26:59 +0100
committerJan Engelhardt <jengelh@medozas.de>2011-01-08 01:58:45 +0100
commit5b1fecc7d017df093db7c667bcd1718e45b1df67 (patch)
tree6f9f1e5e9bc9454c698be3ab81a09d9bebf38e61 /ip6tables.c
parent7ac405297ec38449b30e3b05fd6bf2082fd3d803 (diff)
iptables: abort on empty interface specification
Fiedler Roman brings to attention that if, in a faulty script, "$some_variable" expands to an empty string, iptables should probably catch this most likely undesired invocation. If no/all interfaces were really desired, one can either omit -i completely, or use -i +. References: http://marc.info/?l=netfilter&m=129439862903487&w=2 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Diffstat (limited to 'ip6tables.c')
-rw-r--r--ip6tables.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/ip6tables.c b/ip6tables.c
index 84908ebf..b8449f6e 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -1573,6 +1573,10 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
case 'i':
+ if (*optarg == '\0')
+ xtables_error(PARAMETER_PROBLEM,
+ "Empty interface is likely to be "
+ "undesired");
xtables_check_inverse(optarg, &invert, &optind, argc, argv);
set_option(&options, OPT_VIANAMEIN, &fw.ipv6.invflags,
invert);
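Review bot: The empty-string test in `case 'i':` runs before `xtables_check_inverse(optarg, &invert, &optind, argc, argv)`, so it only inspects the first token; the `case 'o':` hunk has the same ordering. That call is handed `&optind` and `argv`, which suggests it can step to the following argument for the intrapositioned `-i ! name` form. If so, an empty name after `!` (again from an unset script variable) would pass this check and still reach the interface parsing, which is the outcome this commit is meant to prevent. Consider testing the name after the inverse handling too, e.g. `if (*optarg == '\0') xtables_error(PARAMETER_PROBLEM, "Empty interface is likely to be undesired");` placed after the `xtables_check_inverse` call, assuming that helper updates `optarg`; confirm against its definition. The rest of `do_command6`, including the code that consumes the interface name, lies outside the hunk.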
@@ -1582,6 +1586,10 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
break;
case 'o':
+ if (*optarg == '\0')
+ xtables_error(PARAMETER_PROBLEM,
+ "Empty interface is likely to be "
+ "undesired");
xtables_check_inverse(optarg, &invert, &optind, argc, argv);
set_option(&options, OPT_VIANAMEOUT, &fw.ipv6.invflags,
invert);