summaryrefslogtreecommitdiffstats
path: root/iptables.c
diff options
context:
space:
mode:
authorJan Engelhardt <jengelh@medozas.de>2010-03-16 16:49:21 +0100
committerJan Engelhardt <jengelh@medozas.de>2010-03-16 17:54:26 +0100
commit21d1283750d9c4df7ca80165d2b9dc0b9bd214eb (patch)
tree6dd5e4f1cd7a0082ecc59e14fa411ebe73063668 /iptables.c
parent89b6c32f88be47e83c3f6e7f8fee812088cb8c22 (diff)
iptables: correctly check for too-long chain/target/match names
* iptables-restore was not checking for chain name length * iptables was not checking for match name length * target length was checked against 32, not 29. References: http://bugzilla.netfilter.org/show_bug.cgi?id=641 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Diffstat (limited to 'iptables.c')
-rw-r--r--iptables.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/iptables.c b/iptables.c
index 08eb1345..25bc8cc6 100644
--- a/iptables.c
+++ b/iptables.c
@@ -460,10 +460,10 @@ parse_target(const char *targetname)
xtables_error(PARAMETER_PROBLEM,
"Invalid target name (too short)");
- if (strlen(targetname)+1 > sizeof(ipt_chainlabel))
+ if (strlen(targetname) > XT_FUNCTION_MAXNAMELEN - 1)
xtables_error(PARAMETER_PROBLEM,
"Invalid target name `%s' (%u chars max)",
- targetname, (unsigned int)sizeof(ipt_chainlabel)-1);
+ targetname, XT_FUNCTION_MAXNAMELEN - 1);
for (ptr = targetname; *ptr; ptr++)
if (isspace(*ptr))