From 142cf72442760ae8fc377bbfb54a913baf84742e Mon Sep 17 00:00:00 2001
From: Phil Sutter
Date: Sat, 14 Nov 2020 15:22:09 +0100
Subject: xtables: arptables accepts empty interface names

The empty string passed as interface name is simply ignored by legacy arptables. Make the new common parser print a warning but accept it. Calling xtables_parse_interface() with an empty string is safe.
Signed-off-by: Phil Sutter
---
 iptables/xtables.c | 23 +++++++++++++++--------
 1 file changed, 15 insertions(+), 8 deletions(-)
diff --git a/iptables/xtables.c b/iptables/xtables.c
index dc67affc..075506f0 100644
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -260,6 +260,19 @@ list_rules(struct nft_handle *h, const char *chain, const char *table,
 return nft_cmd_rule_list_save(h, chain, table, rulenum, counters);
 }
+static void check_empty_interface(struct nft_handle *h, const char *arg)
+{
+ const char *msg = "Empty interface is likely to be undesired";
+
+ if (*arg != '\0')
+ return;
+
+ if (h->family != NFPROTO_ARP)
+ xtables_error(PARAMETER_PROBLEM, msg);
+
+ fprintf(stderr, "%s", msg);
+}
+
 void do_parse(struct nft_handle *h, int argc, char *argv[], struct nft_xt_cmd_parse *p, struct iptables_command_state *cs, struct xtables_args *args)
@@ -493,10 +506,7 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
 case 'i':
- if (*optarg == '\0')
- xtables_error(PARAMETER_PROBLEM,
- "Empty interface is likely to be "
- "undesired");
+ check_empty_interface(h, optarg);
 set_option(&cs->options, OPT_VIANAMEIN, &args->invflags, invert);
 xtables_parse_interface(optarg,
@@ -505,10 +515,7 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
 break;
 case 'o':
- if (*optarg == '\0')
- xtables_error(PARAMETER_PROBLEM,
- "Empty interface is likely to be "
- "undesired");
+ check_empty_interface(h, optarg);
 set_option(&cs->options, OPT_VIANAMEOUT, &args->invflags, invert);
 xtables_parse_interface(optarg,
--
cgit v1.2.3
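Review bot: The ARP-only warning at the end of check_empty_interface() is emitted with `fprintf(stderr, "%s", msg);`, with no trailing newline and nothing marking it as a warning, so it runs into whatever is written to stderr next and is easy to overlook. Because an empty name is now accepted for NFPROTO_ARP and, per the commit message, ignored (so the rule is presumably not tied to any interface), this message is the only sign that, say, an unset shell variable left a rule broader than intended; I would write `fprintf(stderr, "Warning: %s\n", msg);`. Separately, `xtables_error(PARAMETER_PROBLEM, msg);` passes a variable as the format argument; msg is a constant with no conversion specifiers, so this is not exploitable, but `xtables_error(PARAMETER_PROBLEM, "%s", msg);` would match the fprintf line and stay clean under -Wformat-security. The fall-through to fprintf also depends on xtables_error() not returning, which is not visible in this hunk, so a one-line comment such as `/* xtables_error() does not return */` would help the next reader.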