authorJan Engelhardt <jengelh@medozas.de>2010-03-16 16:49:21 +0100
committerJan Engelhardt <jengelh@medozas.de>2010-03-16 17:54:26 +0100
commit21d1283750d9c4df7ca80165d2b9dc0b9bd214eb (patch)
tree6dd5e4f1cd7a0082ecc59e14fa411ebe73063668 /iptables-restore.c
parent89b6c32f88be47e83c3f6e7f8fee812088cb8c22 (diff)
iptables: correctly check for too-long chain/target/match names
* iptables-restore was not checking for chain name length * iptables was not checking for match name length * target length was checked against 32, not 29. References: http://bugzilla.netfilter.org/show_bug.cgi?id=641 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Diffstat (limited to 'iptables-restore.c')
-rw-r--r--iptables-restore.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/iptables-restore.c b/iptables-restore.c
index 86d63e28..4a74485c 100644
--- a/iptables-restore.c
+++ b/iptables-restore.c
@@ -259,6 +259,12 @@ main(int argc, char *argv[])
exit(1);
}
+ if (strlen(chain) > XT_FUNCTION_MAXNAMELEN - 1)
+ xtables_error(PARAMETER_PROBLEM,
+ "Invalid chain name `%s' "
+ "(%u chars max)",
+ chain, XT_FUNCTION_MAXNAMELEN - 1);
+
if (iptc_builtin(chain, handle) <= 0) {
if (noflush && iptc_is_chain(chain, handle)) {
DEBUGP("Flushing existing user defined chain '%s'\n", chain);
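Review bot: The `%u` conversion in the added xtables_error() call receives `XT_FUNCTION_MAXNAMELEN - 1`, which is a signed int expression if the macro is a plain integer constant (its definition is not in this hunk); pass `(unsigned int)(XT_FUNCTION_MAXNAMELEN - 1)` or print it with `%d` so the call stays clean under `-Wformat-signedness`. The bound also deserves a one-line comment on why it is one less than the macro, presumably `/* chain name plus terminating NUL must fit in XT_FUNCTION_MAXNAMELEN bytes */`, because the restore file is external input and this is the only length gate visible before `chain` reaches iptc_builtin() and iptc_is_chain(). The rejected name is echoed in full through `%s`, so an oversized or non-printable name from a restore file lands verbatim in the error output; a precision such as `%.*s` would bound what gets printed. main() starts and ends outside the hunk, so any earlier validation of `chain` cannot be confirmed from here.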