diff options
| author | Phil Sutter <phil@nwl.cc> | 2018-08-17 15:35:47 +0200 |
|---|---|---|
| committer | Florian Westphal <fw@strlen.de> | 2018-08-17 16:15:23 +0200 |
| commit | 92f7b04fbd1803783b3efe1f1de8e81b2bac15ac (patch) | |
| tree | a6bf5852c800e3e9d52f993269ad66fbcb120184 /libiptc | |
| parent | 294f9ef5ee354ff902dfdc091a604f93083c248d (diff) | |
xtables: Fix for segfault in iptables-nft
Trying to set a chain's policy in an invalid table resulted in a
segfault. Reproducer was:
| # iptables -t broute -P BROUTING ACCEPT
Fix this by aborting in nft_chain_new() if nft_table_builtin_find()
returned NULL for the given table name.
For an illustrative error message, set errno to ENXIO in the above case
and add an appropriate Mesage to nft_strerror().
While being at it, improve the error message if an invalid policy was
given. Before:
| # iptables-nft -t filter -P INPUT ACCEPTdf
| iptables: Incompatible with this kernel.
After:
| # iptables-nft -t filter -P INPUT ACCEPTdf
| iptables: Bad policy name. Run `dmesg' for more information.
Third unrelated change in this patch: Drop error checking of
nft_chain_set() in do_commandx(): The function never returns negative,
so that check never yielded true.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'libiptc')
0 files changed, 0 insertions, 0 deletions