From 5429b41c2bb4ac8fe672a1513a041c0ed0c241f6 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Mon, 13 Sep 2010 15:45:15 +0200 Subject: iptables: limit chain name length to be consistent with targets Creationg of chain names longer than the ones being able to jump to should be inhibited for consistency. References: http://marc.info/?l=netfilter-devel&m=128397022618316&w=2 Cc: Stig Thormodsrud Signed-off-by: Jan Engelhardt --- ip6tables.c | 6 +++--- iptables.c | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/ip6tables.c b/ip6tables.c index 6c5d124c..15067da2 100644 --- a/ip6tables.c +++ b/ip6tables.c @@ -1838,10 +1838,10 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand generic_opt_check(command, options); - if (chain && strlen(chain) > IP6T_FUNCTION_MAXNAMELEN) + if (chain != NULL && strlen(chain) >= XT_EXTENSION_MAXNAMELEN) xtables_error(PARAMETER_PROBLEM, - "chain name `%s' too long (must be under %i chars)", - chain, IP6T_FUNCTION_MAXNAMELEN); + "chain name `%s' too long (must be under %u chars)", + chain, XT_EXTENSION_MAXNAMELEN); /* only allocate handle if we weren't called with a handle */ if (!*handle) diff --git a/iptables.c b/iptables.c index 19f6d4fe..840dd3e5 100644 --- a/iptables.c +++ b/iptables.c @@ -1876,10 +1876,10 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle generic_opt_check(command, options); - if (chain && strlen(chain) > IPT_FUNCTION_MAXNAMELEN) + if (chain != NULL && strlen(chain) >= XT_EXTENSION_MAXNAMELEN) xtables_error(PARAMETER_PROBLEM, - "chain name `%s' too long (must be under %i chars)", - chain, IPT_FUNCTION_MAXNAMELEN); + "chain name `%s' too long (must be under %u chars)", + chain, XT_EXTENSION_MAXNAMELEN); /* only allocate handle if we weren't called with a handle */ if (!*handle) -- cgit v1.2.3