From 6db2ded2f22a7e78743c86af523b8430876582e9 Mon Sep 17 00:00:00 2001 From: Christian Perle Date: Tue, 17 Feb 2009 17:31:52 +0100 Subject: libxt_policy: cannot set spi/reqid numbers higher than 0x7fffffff http://bugzilla.netfilter.org/show_bug.cgi?id=577 When using the -m policy match, the option argument for --spi is converted using strtol(), which returns a signed 32 bit value, so the highest positive value is 0x7fffffff. Instead strtoul() should be used. The same applies for the --reqid option argument. Signed-off-by: Patrick McHardy --- extensions/libip6t_policy.c | 4 ++-- extensions/libipt_policy.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/extensions/libip6t_policy.c b/extensions/libip6t_policy.c index 7c1a1e71..7ea72cd9 100644 --- a/extensions/libip6t_policy.c +++ b/extensions/libip6t_policy.c @@ -198,7 +198,7 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags, e->match.reqid = 1; e->invert.reqid = invert; - e->reqid = strtol(argv[optind-1], NULL, 10); + e->reqid = strtoul(argv[optind-1], NULL, 10); break; case '5': if (e->match.spi) @@ -207,7 +207,7 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags, e->match.spi = 1; e->invert.spi = invert; - e->spi = strtol(argv[optind-1], NULL, 0x10); + e->spi = strtoul(argv[optind-1], NULL, 0x10); break; case '6': if (e->match.saddr) diff --git a/extensions/libipt_policy.c b/extensions/libipt_policy.c index 6ae51e7c..a538927f 100644 --- a/extensions/libipt_policy.c +++ b/extensions/libipt_policy.c @@ -166,7 +166,7 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags, e->match.reqid = 1; e->invert.reqid = invert; - e->reqid = strtol(argv[optind-1], NULL, 10); + e->reqid = strtoul(argv[optind-1], NULL, 10); break; case '5': if (e->match.spi) @@ -175,7 +175,7 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags, e->match.spi = 1; e->invert.spi = invert; - e->spi = strtol(argv[optind-1], NULL, 0x10); + e->spi = strtoul(argv[optind-1], NULL, 0x10); break; case '6': if (e->match.saddr) -- cgit v1.2.3