diff options
-rw-r--r-- | ip6tables.c | 3 | ||||
-rw-r--r-- | iptables.c | 3 | ||||
-rw-r--r-- | xshared.h | 4 | ||||
-rw-r--r-- | xtables.c | 4 |
4 files changed, 12 insertions, 2 deletions
diff --git a/ip6tables.c b/ip6tables.c index b8449f6e..4ca4bfec 100644 --- a/ip6tables.c +++ b/ip6tables.c @@ -1714,6 +1714,9 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand if (matchp->completed || matchp->match->parse == NULL) continue; + if (c < matchp->match->option_offset || + c >= matchp->match->option_offset + XT_OPTION_OFFSET_SCALE) + continue; if (matchp->match->parse(c - matchp->match->option_offset, argv, invert, &matchp->match->mflags, @@ -1746,6 +1746,9 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle if (matchp->completed || matchp->match->parse == NULL) continue; + if (c < matchp->match->option_offset || + c >= matchp->match->option_offset + XT_OPTION_OFFSET_SCALE) + continue; if (matchp->match->parse(c - matchp->match->option_offset, argv, invert, &matchp->match->mflags, @@ -4,6 +4,10 @@ struct xtables_rule_match; struct xtables_target; +enum { + XT_OPTION_OFFSET_SCALE = 256, +}; + extern void print_extension_helps(const struct xtables_target *, const struct xtables_rule_match *); @@ -49,7 +49,7 @@ # define IP6T_SO_GET_REVISION_TARGET 69 #endif #include <getopt.h> - +#include "xshared.h" #define NPROTO 255 @@ -111,7 +111,7 @@ struct option *xtables_merge_options(struct option *orig_opts, mp = merge + num_oold; /* Second, the new options */ - xt_params->option_offset += 256; + xt_params->option_offset += XT_OPTION_OFFSET_SCALE; *option_offset = xt_params->option_offset; memcpy(mp, newopts, sizeof(*mp) * num_new); |