author | Phil Sutter <phil@nwl.cc> | 2018-08-23 17:43:23 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-08-24 10:05:51 +0200 |
commit | acde6be32036f36122c31afbfca4828b2790e05d (patch) | |
tree | 2faa11f38ecc7b46b7c42f05ca6965ba51abb461 /iptables/xtables-eb-translate.c | |
parent | 2c4e4d2a7432d483ac5599a15b36d1dc1edf72df (diff) |
ebtables-translate: Fix segfault while parsing extension options
Previous review of match/target lookup did not consider
xtables-eb-translate.c which contains the same code. Fix parsing of
target/match arguments there as well by introducing
ebt_command_default() which consolidates the previously duplicated code.
One notable quirk in comparison to the similar xtables code: Since
ebtables allows for negations in ugly places (e.g. '--arp-opcode ! 1'),
ebt_check_inverse2() has to be called first.
Fixes: aa7fb04fcf72c ("ebtables: Review match/target lookup")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables/xtables-eb-translate.c')
-rw-r--r-- | iptables/xtables-eb-translate.c | 33 |
1 files changed, 6 insertions, 27 deletions
diff --git a/iptables/xtables-eb-translate.c b/iptables/xtables-eb-translate.c
index 1e66bf71..145653d5 100644
--- a/iptables/xtables-eb-translate.c
+++ b/iptables/xtables-eb-translate.c
@@ -286,7 +286,7 @@ static int do_commandeb_xlate(struct nft_handle *h, int argc, char *argv[], char
 int rule_nr_end = 0;
 int ret = 0;
 unsigned int flags = 0;
- struct xtables_target *t, *w;
+ struct xtables_target *t;
 struct xtables_match *m;
 struct iptables_command_state cs = {
 .argv = argv,
@@ -620,34 +620,13 @@ print_zero:
 optind--;
 continue;
 default:
- /* Is it a target option? */
- if (cs.target != NULL && cs.target->parse != NULL) {
- int opt_offset = cs.target->option_offset;
- if (cs.target->parse(c - opt_offset,
- argv, ebt_invert,
- &cs.target->tflags,
- NULL, &cs.target->t))
- goto check_extension;
- }
+ ebt_check_inverse2(optarg, argc, argv);
- /* Is it a match_option? */
- for (m = xtables_matches; m; m = m->next) {
- if (m->parse(c - m->option_offset, argv, ebt_check_inverse2(optarg, argc, argv), &m->mflags, NULL, &m->m)) {
- ebt_add_match(m, &cs);
- goto check_extension;
- }
- }
+ if (ebt_command_default(&cs))
+ xtables_error(PARAMETER_PROBLEM,
+ "Unknown argument: '%s'",
+ argv[optind - 1]);
- /* Is it a watcher option? */
- for (w = xtables_targets; w; w = w->next) {
- if (w->parse(c - w->option_offset, argv,
- ebt_invert, &w->tflags,
- NULL, &w->t)) {
- ebt_add_watcher(w, &cs);
- goto check_extension;
- }
- }
-check_extension:
 if (command != 'A' && command != 'I' && command != 'D')
 xtables_error(PARAMETER_PROBLEM, |
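Review bot: The bare `ebt_check_inverse2(optarg, argc, argv);` that opens the `default:` case discards its return value and has no comment, so it reads as dead code that a later cleanup could delete or move below `ebt_command_default(&cs)`; the reason it must run first is recorded only in the commit message. I would add above it `/* ebtables allows '!' after the option name (e.g. '--arp-opcode ! 1'); resolve the inversion before the extension parsers run */`. Separately, if ebt_check_inverse2() advances optind when it consumes a '!' (its body is not part of this diff), `argv[optind - 1]` in the new "Unknown argument" message would name a later word than the unrecognised option, which is worth confirming. do_commandeb_xlate() begins and ends outside the hunk.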