summaryrefslogtreecommitdiffstats
path: root/iptables.c
diff options
context:
space:
mode:
authorJan Engelhardt <jengelh@medozas.de>2011-01-08 02:47:02 +0100
committerJan Engelhardt <jengelh@medozas.de>2011-01-08 02:47:02 +0100
commitfa503ad59f73d20d85f4cdf53324a01d2ad8591e (patch)
treecbfd2f6112a24a65238f50e828f14fb9bc0862b7 /iptables.c
parent1e128bd804b676ee91beca48312de9b251845d09 (diff)
ip[6]tables: only call target's parse function when option char is in range
Same as previous commit. Doing this actually allows to remove code that is no longer needed. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Diffstat (limited to 'iptables.c')
-rw-r--r--iptables.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/iptables.c b/iptables.c
index bcacd49f..b45211a9 100644
--- a/iptables.c
+++ b/iptables.c
@@ -1738,6 +1738,8 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
default:
if (target == NULL || target->parse == NULL ||
+ c < target->option_offset ||
+ c >= target->option_offset + XT_OPTION_OFFSET_SCALE ||
!target->parse(c - target->option_offset,
argv, invert,
&target->tflags,