author | Jan Engelhardt <jengelh@medozas.de> | 2008-08-04 12:51:01 +0200 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2008-08-04 12:51:01 +0200 |
commit | d0cbf5f34d3421064eb0fbbcdc6b90cda4e81f2d (patch) | |
tree | 1a271189fda828a4dbe4b89a8194d8d8c47444a9 /iptables.c | |
parent | 415a8580cc2b053687c197e8e25d606e8420c672 (diff) |
iptables-restore: fix segmentation fault with -tanything

Reference: Debian bug #458042

iptables-restore must not pass a table into do_command. It checks for
"-t arg" and "--table arg", but not "-targ". (On a related note,
using -targ does not work as expected).

This should fail gracefully, but crashes:

    iptables-restore <(echo -e '*filter\n-A INPUT -tx\nCOMMIT')

And this should use table "filter", or perhaps raise an error, but
instead sets the table to (literally) "-tfilter":

    iptables -tfilter -A INPUT

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'iptables.c')
-rw-r--r-- | iptables.c | 5 |
1 files changed, 2 insertions, 3 deletions
@@ -1764,7 +1764,7 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle) if (invert) exit_error(PARAMETER_PROBLEM, "unexpected ! flag before --table"); - *table = argv[optind-1]; + *table = optarg; break; case 'x': @@ -1911,8 +1911,7 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle) } if (!m) exit_error(PARAMETER_PROBLEM, - "Unknown arg `%s'", - argv[optind-1]); + "Unknown arg `%s'", optarg); } } invert = FALSE; |
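Review bot: In the first hunk (around line 1764), `*table = optarg;` stores a pointer into the caller's argv storage rather than a copy, and for the attached form `-tfilter` that pointer lands in the middle of an argv element. The value handed back through `char **table` is therefore only valid for as long as the argv passed to do_command is, which matters for a caller that assembles argv per input line. A short comment at the assignment stating that lifetime expectation, or a copy of the string, would make this explicit. It would also help to reject an empty table name here, next to the existing "unexpected ! flag before --table" check, so that the error is reported at parse time.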
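Review bot: In the second hunk (around line 1911), `"Unknown arg `%s'", optarg` can pass a NULL pointer to `%s` if this `if (!m)` branch is reachable for an option that getopt parsed without an argument, since optarg is only set for options that take one. That makes the error message undefined behaviour in C (typically printed as "(null)") in exactly the case where the user most needs to see which argument was rejected. Suggest guarding it, for example `optarg ? optarg : argv[optind-1]`, or keeping the argv element for the message and using optarg only where the option value itself is wanted, as in the `--table` case.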