-rw-r--r-- | extensions/libipt_MASQUERADE.c | 32 | ||||
-rw-r--r-- | extensions/libipt_REDIRECT.c | 40 | ||||
-rw-r--r-- | ip6tables.c | 2 | ||||
-rw-r--r-- | iptables.c | 2 | ||||
-rw-r--r-- | xtables.c | 2 |
5 files changed, 37 insertions, 41 deletions
diff --git a/extensions/libipt_MASQUERADE.c b/extensions/libipt_MASQUERADE.c index 9d7fc172..3386ff34 100644 --- a/extensions/libipt_MASQUERADE.c +++ b/extensions/libipt_MASQUERADE.c @@ -38,34 +38,34 @@ static void MASQUERADE_init(struct xt_entry_target *t) static void parse_ports(const char *arg, struct nf_nat_multi_range *mr) { - const char *dash; - int port; + char *end; + unsigned int port, maxport; mr->range[0].flags |= IP_NAT_RANGE_PROTO_SPECIFIED; - port = atoi(arg); - if (port <= 0 || port > 65535) - xtables_error(PARAMETER_PROBLEM, "Port \"%s\" not valid\n", arg); + if (!xtables_strtoui(arg, &end, &port, 0, UINT16_MAX)) + xtables_param_act(XTF_BAD_VALUE, "MASQUERADE", "--to-ports", arg); - dash = strchr(arg, '-'); - if (!dash) { + switch (*end) { + case '\0': mr->range[0].min.tcp.port = mr->range[0].max.tcp.port = htons(port); - } else { - int maxport; + return; + case '-': + if (!xtables_strtoui(end + 1, NULL, &maxport, 0, UINT16_MAX)) + break; - maxport = atoi(dash + 1); - if (maxport == 0 || maxport > 65535) - xtables_error(PARAMETER_PROBLEM, - "Port `%s' not valid\n", dash+1); if (maxport < port) - /* People are stupid. Present reader excepted. */ - xtables_error(PARAMETER_PROBLEM, - "Port range `%s' funky\n", arg); + break; + mr->range[0].min.tcp.port = htons(port); mr->range[0].max.tcp.port = htons(maxport); + return; + default: + break; } + xtables_param_act(XTF_BAD_VALUE, "MASQUERADE", "--to-ports", arg); } static int MASQUERADE_parse(int c, char **argv, int invert, unsigned int *flags, diff --git a/extensions/libipt_REDIRECT.c b/extensions/libipt_REDIRECT.c index d39f0bd6..3dfcadfc 100644 --- a/extensions/libipt_REDIRECT.c +++ b/extensions/libipt_REDIRECT.c 
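Review bot: In the rewritten parse_ports() of libipt_MASQUERADE.c, both xtables_strtoui() calls pass 0 as the lower bound, so `--to-ports 0` and ranges such as `0-1024` are now accepted. The removed code rejected `port <= 0` and `maxport == 0`. If port 0 is not meant to become a valid value, keep the old floor with `xtables_strtoui(arg, &end, &port, 1, UINT16_MAX)` and use the same bound for the `end + 1` call. The numeric path of parse_ports() in libipt_REDIRECT.c relaxes the check in the same way.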
@@ -39,40 +39,36 @@ static void REDIRECT_init(struct xt_entry_target *t) static void parse_ports(const char *arg, struct nf_nat_multi_range *mr) { - const char *dash; - int port; + char *end; + unsigned int port, maxport; mr->range[0].flags |= IP_NAT_RANGE_PROTO_SPECIFIED; - if (strchr(arg, '.')) - xtables_error(PARAMETER_PROBLEM, "IP address not permitted\n"); + if (!xtables_strtoui(arg, &end, &port, 0, UINT16_MAX) && + (port = xtables_service_to_port(arg, NULL)) == (unsigned)-1) + xtables_param_act(XTF_BAD_VALUE, "REDIRECT", "--to-ports", arg); - port = atoi(arg); - if (port == 0) - port = xtables_service_to_port(arg, NULL); - - if (port == 0 || port > 65535) - xtables_error(PARAMETER_PROBLEM, "Port \"%s\" not valid\n", arg); - - dash = strchr(arg, '-'); - if (!dash) { + switch (*end) { + case '\0': mr->range[0].min.tcp.port = mr->range[0].max.tcp.port = htons(port); - } else { - int maxport; + return; + case '-': + if (!xtables_strtoui(end + 1, NULL, &maxport, 0, UINT16_MAX) && + (maxport = xtables_service_to_port(end + 1, NULL)) == (unsigned)-1) + break; - maxport = atoi(dash + 1); - if (maxport == 0 || maxport > 65535) - xtables_error(PARAMETER_PROBLEM, - "Port `%s' not valid\n", dash+1); if (maxport < port) - /* People are stupid. */ - xtables_error(PARAMETER_PROBLEM, - "Port range `%s' funky\n", arg); + break; + mr->range[0].min.tcp.port = htons(port); mr->range[0].max.tcp.port = htons(maxport); + return; + default: + break; } + xtables_param_act(XTF_BAD_VALUE, "REDIRECT", "--to-ports", arg); } static int REDIRECT_parse(int c, char **argv, int invert, unsigned int *flags, diff --git a/ip6tables.c b/ip6tables.c index 6ee42819..4e73d34e 100644 --- a/ip6tables.c +++ b/ip6tables.c @@ -224,7 +224,7 @@ proto_to_name(u_int8_t proto, int nolookup) return NULL; } -static void +static void __attribute__((noreturn)) exit_tryhelp(int status) { if (line != -1) 
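Review bot: In parse_ports() of libipt_REDIRECT.c, the service-name fallback reaches `switch (*end)` with `end` in an unusable state. `end` is declared without an initializer, and nothing in the hunk advances it when `port` comes from xtables_service_to_port(). Whether xtables_strtoui() stores `*end` on failure is not shown on this page: if it does not, the switch reads through an indeterminate pointer in a tool that normally runs as root, and if it does, `*end` is the first letter of the name and a valid service falls to `default` and is rejected. Handling the name case on its own and pointing `end` at the terminator avoids both outcomes; the sketch below assumes, as the new code already does, that xtables_param_act() does not return for XTF_BAD_VALUE.

```c
	if (!xtables_strtoui(arg, &end, &port, 0, UINT16_MAX)) {
		/* Not a number: the whole argument must be a service name. */
		port = xtables_service_to_port(arg, NULL);
		if (port == (unsigned)-1)
			xtables_param_act(XTF_BAD_VALUE, "REDIRECT", "--to-ports", arg);
		/* The name consumed all of arg, so take the single-port case. */
		end = (char *)arg + strlen(arg);
	}
	/* … unchanged: switch (*end) and the trailing xtables_param_act() … */
```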
@@ -237,7 +237,7 @@ enum { IPT_DOTTED_MASK }; -static void +static void __attribute__((noreturn)) exit_tryhelp(int status) { if (line != -1) @@ -1416,7 +1416,7 @@ host_to_ip6addr(const char *name, unsigned int *naddr) #ifdef DEBUG fprintf(stderr, "resolved: len=%d %s ", res->ai_addrlen, - ip6addr_to_numeric(&((struct sockaddr_in6 *)res->ai_addr)->sin6_addr)); + xtables_ip6addr_to_numeric(&((struct sockaddr_in6 *)res->ai_addr)->sin6_addr)); #endif /* Get the first element of the address-chain */ addr = xtables_malloc(sizeof(struct in6_addr)); |