-rw-r--r--extensions/libxt_string.c8
-rw-r--r--include/xtables.h.in1
-rw-r--r--ip6tables.c2
-rw-r--r--iptables.c3
4 files changed, 7 insertions, 7 deletions
diff --git a/extensions/libxt_string.c b/extensions/libxt_string.c
index 5ea529e4..ba4b720a 100644
--- a/extensions/libxt_string.c
+++ b/extensions/libxt_string.c
@@ -64,9 +64,10 @@ static void string_init(struct xt_entry_match *m)
static void
parse_string(const char *s, struct xt_string_info *info)
{
+ /* xt_string does not need \0 at the end of the pattern */
if (strlen(s) <= XT_STRING_MAX_PATTERN_SIZE) {
strncpy(info->pattern, s, XT_STRING_MAX_PATTERN_SIZE);
- info->patlen = strlen(s);
+ info->patlen = strnlen(s, XT_STRING_MAX_PATTERN_SIZE);
return;
}
xtables_error(PARAMETER_PROBLEM, "STRING too long \"%s\"", s);
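Review bot: With the `<=` guard in parse_string, a pattern of exactly XT_STRING_MAX_PATTERN_SIZE bytes leaves `info->pattern` without a terminator, so every userspace reader of that buffer must bound itself by `info->patlen`; the print and save paths are outside this hunk and should be checked for `%s` or `strlen` on `pattern`. The length is also computed twice on the new side, and the `strnlen` bound can never take effect inside the `strlen(s) <= XT_STRING_MAX_PATTERN_SIZE` guard; `size_t len = strlen(s);` taken once and reused for the test and for `info->patlen = len;` states the same thing more directly. The comment would be clearer as `/* pattern is length-delimited by patlen; it may fill the buffer with no trailing \0 */`. The function's closing brace lies outside the hunk.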
@@ -75,7 +76,8 @@ parse_string(const char *s, struct xt_string_info *info)
static void
parse_algo(const char *s, struct xt_string_info *info)
{
- if (strlen(s) <= XT_STRING_MAX_ALGO_NAME_SIZE) {
+ /* xt_string needs \0 for algo name */
+ if (strlen(s) < XT_STRING_MAX_ALGO_NAME_SIZE) {
strncpy(info->algo, s, XT_STRING_MAX_ALGO_NAME_SIZE);
return;
}
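Review bot: The `<` in the new length test in parse_algo is the only thing guaranteeing that `info->algo` ends in a NUL, because `strncpy` with a count of XT_STRING_MAX_ALGO_NAME_SIZE terminates the destination only by zero-padding shorter inputs. The comment could say so, for example `/* algo is read as a C string: keep one byte for \0, strncpy zero-pads the rest */`. If `algo` is declared with exactly that size (the declaration is not visible here), bounding both the test and the copy by `sizeof(info->algo)` would keep them tied to the buffer rather than to the macro. The error path of parse_algo is outside the hunk.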
@@ -208,8 +210,6 @@ string_parse(int c, char **argv, int invert, unsigned int *flags,
else
stringinfo->u.v1.flags |= XT_STRING_FLAG_INVERT;
}
- stringinfo->patlen = strnlen((char *)&stringinfo->pattern,
- sizeof(stringinfo->patlen));
*flags |= STRING;
break;
diff --git a/include/xtables.h.in b/include/xtables.h.in
index 3f556c1c..d86276e7 100644
--- a/include/xtables.h.in
+++ b/include/xtables.h.in
@@ -8,6 +8,7 @@
#include <sys/socket.h> /* PF_* */
#include <sys/types.h>
+#include <limits.h>
#include <stdbool.h>
#include <netinet/in.h>
#include <net/if.h>
diff --git a/ip6tables.c b/ip6tables.c
index 87663ef3..54366b05 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -141,7 +141,6 @@ static struct option original_opts[] = {
* magic number of -1 */
int line = -1;
-static struct option *opts = original_opts;
void ip6tables_exit_error(enum xtables_exittype status, const char *msg, ...) __attribute__((noreturn, format(printf,2,3)));
struct xtables_globals ip6tables_globals = {
.option_offset = 0,
@@ -194,6 +193,7 @@ static int inverse_for_options[NUMBER_OF_OPT] =
/* -c */ 0,
};
+#define opts ip6tables_globals.opts
#define prog_name ip6tables_globals.program_name
#define prog_vers ip6tables_globals.program_version
/* A few hardcoded protocols for 'all' and in case the user has no
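Review bot: The new `#define opts ip6tables_globals.opts` rewrites every later `opts` token in this file, including any struct member, parameter or local of that name, which is easy to trip over in future edits; a prefixed or upper-case macro name, or writing `ip6tables_globals.opts` at the uses, would be safer. The removed static was initialised to `original_opts`, and the `ip6tables_globals` initialiser is only partly visible in the previous hunk, so it should be confirmed that it sets `.opts = original_opts`; otherwise the first use of `opts` would see a null pointer. The same two points apply to the matching `#define opts iptables_globals.opts` hunk in iptables.c.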
diff --git a/iptables.c b/iptables.c
index 4c171669..3449decd 100644
--- a/iptables.c
+++ b/iptables.c
@@ -140,8 +140,6 @@ static struct option original_opts[] = {
* magic number of -1 */
int line = -1;
-static struct option *opts = original_opts;
-
void iptables_exit_error(enum xtables_exittype status, const char *msg, ...) __attribute__((noreturn, format(printf,2,3)));
struct xtables_globals iptables_globals = {
@@ -196,6 +194,7 @@ static int inverse_for_options[NUMBER_OF_OPT] =
/* -c */ 0,
};
+#define opts iptables_globals.opts
#define prog_name iptables_globals.program_name
#define prog_vers iptables_globals.program_version