summaryrefslogtreecommitdiffstats
path: root/iptables
diff options
context:
space:
mode:
authorPhil Sutter <phil@nwl.cc>2021-01-28 01:09:56 +0100
committerPhil Sutter <phil@nwl.cc>2021-01-28 10:28:57 +0100
commit30c1d443896311e69762d6b51b63908ec602574f (patch)
tree9c3c98f2a5afec0755b5ca77f81278988ed825b8 /iptables
parentf485d324e99fc9a9a7fe310b97e1ebf8114b36c6 (diff)
ebtables: Exit gracefully on invalid table names
Users are able to cause program abort by passing a table name that doesn't exist: | # ebtables-nft -t dummy -P INPUT ACCEPT | ebtables: nft-cache.c:455: fetch_chain_cache: Assertion `t' failed. | Aborted Avoid this by checking table existence just like iptables-nft does upon parsing '-t' optarg. Since the list of tables is known and fixed, checking the given name's length is pointless. So just drop that check in return. With this patch in place, output looks much better: | # ebtables-nft -t dummy -P INPUT ACCEPT | ebtables v1.8.7 (nf_tables): table 'dummy' does not exist | Perhaps iptables or your kernel needs to be upgraded. Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables')
-rw-r--r--iptables/xtables-eb.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c
index cfa9317c..5bb34d6d 100644
--- a/iptables/xtables-eb.c
+++ b/iptables/xtables-eb.c
@@ -914,10 +914,10 @@ print_zero:
xtables_error(PARAMETER_PROBLEM,
"The -t option (seen in line %u) cannot be used in %s.\n",
line, xt_params->program_name);
- if (strlen(optarg) > EBT_TABLE_MAXNAMELEN - 1)
- xtables_error(PARAMETER_PROBLEM,
- "Table name length cannot exceed %d characters",
- EBT_TABLE_MAXNAMELEN - 1);
+ if (!nft_table_builtin_find(h, optarg))
+ xtables_error(VERSION_PROBLEM,
+ "table '%s' does not exist",
+ optarg);
*table = optarg;
table_set = true;
break;