diff options
author | Phil Sutter <phil@nwl.cc> | 2023-07-21 19:40:30 +0200 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2023-07-28 11:50:59 +0200 |
commit | 4a2b2008fdf4df980433f99a6d8f2003f2005296 (patch) | |
tree | e7d603f7a276e1dd977f3a2c5ddc773c8c6918c2 /iptables/iptables-restore.c | |
parent | a2532c966659f386781a5757e0a1f42cb1d81573 (diff) |
*tables-restore: Enforce correct counters syntax if present
If '--counters' option was not given, restore parsers would ignore
anything following the policy word. Make them more strict, rejecting
anything in that spot which does not look like counter values even if
not restoring counters.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables/iptables-restore.c')
-rw-r--r-- | iptables/iptables-restore.c | 20 |
1 files changed, 9 insertions, 11 deletions
diff --git a/iptables/iptables-restore.c b/iptables/iptables-restore.c index 6f7ddf93..f11b2dc2 100644 --- a/iptables/iptables-restore.c +++ b/iptables/iptables-restore.c @@ -283,23 +283,21 @@ ip46tables_restore_main(const struct iptables_restore_cb *cb, xt_params->program_name, line); if (strcmp(policy, "-") != 0) { + char *ctrs = strtok(NULL, " \t\n"); struct xt_counters count = {}; - if (counters) { - char *ctrs; - ctrs = strtok(NULL, " \t\n"); - - if (!ctrs || !parse_counters(ctrs, &count)) - xtables_error(PARAMETER_PROBLEM, - "invalid policy counters for chain '%s'", - chain); - } + if ((!ctrs && counters) || + (ctrs && !parse_counters(ctrs, &count))) + xtables_error(PARAMETER_PROBLEM, + "invalid policy counters for chain '%s'", + chain); DEBUGP("Setting policy of chain %s to %s\n", chain, policy); - if (!cb->ops->set_policy(chain, policy, &count, - handle)) + if (!cb->ops->set_policy(chain, policy, + counters ? &count : NULL, + handle)) xtables_error(OTHER_PROBLEM, "Can't set policy `%s' on `%s' line %u: %s", policy, chain, line, |