From 7a63ca74dbcd323217cab7296e68a19b8c9ea6c4 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 27 Jan 2009 17:34:58 +0100 Subject: libxt_owner: use correct UID/GID boundaries -1 is a reserved number (chown uses it to denote "do not change"), so the maximum libxt_owner should permit is up to UINT32_MAX-1. Signed-off-by: Jan Engelhardt --- extensions/libxt_owner.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'extensions/libxt_owner.c') diff --git a/extensions/libxt_owner.c b/extensions/libxt_owner.c index 4cd173e3..c8677a8c 100644 --- a/extensions/libxt_owner.c +++ b/extensions/libxt_owner.c @@ -110,7 +110,7 @@ owner_mt_parse_v0(int c, char **argv, int invert, unsigned int *flags, param_act(P_ONLY_ONCE, "owner", "--uid-owner", *flags & FLAG_UID_OWNER); if ((pwd = getpwnam(optarg)) != NULL) id = pwd->pw_uid; - else if (!strtonum(optarg, NULL, &id, 0, ~(uid_t)0)) + else if (!strtonum(optarg, NULL, &id, 0, UINT32_MAX - 1)) param_act(P_BAD_VALUE, "owner", "--uid-owner", optarg); if (invert) info->invert |= IPT_OWNER_UID; @@ -123,7 +123,7 @@ owner_mt_parse_v0(int c, char **argv, int invert, unsigned int *flags, param_act(P_ONLY_ONCE, "owner", "--gid-owner", *flags & FLAG_GID_OWNER); if ((grp = getgrnam(optarg)) != NULL) id = grp->gr_gid; - else if (!strtonum(optarg, NULL, &id, 0, ~(gid_t)0)) + else if (!strtonum(optarg, NULL, &id, 0, UINT32_MAX - 1)) param_act(P_BAD_VALUE, "owner", "--gid-owner", optarg); if (invert) info->invert |= IPT_OWNER_GID; @@ -190,7 +190,7 @@ owner_mt6_parse_v0(int c, char **argv, int invert, unsigned int *flags, *flags & FLAG_UID_OWNER); if ((pwd = getpwnam(optarg)) != NULL) id = pwd->pw_uid; - else if (!strtonum(optarg, NULL, &id, 0, ~(uid_t)0)) + else if (!strtonum(optarg, NULL, &id, 0, UINT32_MAX - 1)) param_act(P_BAD_VALUE, "owner", "--uid-owner", optarg); if (invert) info->invert |= IP6T_OWNER_UID; @@ -204,7 +204,7 @@ owner_mt6_parse_v0(int c, char **argv, int invert, unsigned int *flags, *flags & FLAG_GID_OWNER); if ((grp = getgrnam(optarg)) != NULL) id = grp->gr_gid; - else if (!strtonum(optarg, NULL, &id, 0, ~(gid_t)0)) + else if (!strtonum(optarg, NULL, &id, 0, UINT32_MAX - 1)) param_act(P_BAD_VALUE, "owner", "--gid-owner", optarg); if (invert) info->invert |= IP6T_OWNER_GID; @@ -245,12 +245,12 @@ static void owner_parse_range(const char *s, unsigned int *from, { char *end; - /* 4294967295 is reserved, so subtract one from ~0 */ - if (!strtonum(s, &end, from, 0, (~(uid_t)0) - 1)) + /* -1 is reversed, so the max is one less than that. */ + if (!strtonum(s, &end, from, 0, UINT32_MAX - 1)) param_act(P_BAD_VALUE, "owner", opt, s); *to = *from; if (*end == '-' || *end == ':') - if (!strtonum(end + 1, &end, to, 0, (~(uid_t)0) - 1)) + if (!strtonum(end + 1, &end, to, 0, UINT32_MAX - 1)) param_act(P_BAD_VALUE, "owner", opt, s); if (*end != '\0') param_act(P_BAD_VALUE, "owner", opt, s); -- cgit v1.2.3 From 5f2922cfc0bbfbeb878f5c12e9fb3eb602ae5507 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 27 Jan 2009 18:43:01 +0100 Subject: libxtables: prefix/order - strtoui This commit also throws out the redundant string_to_number_*. Signed-off-by: Jan Engelhardt --- extensions/libxt_owner.c | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) (limited to 'extensions/libxt_owner.c') diff --git a/extensions/libxt_owner.c b/extensions/libxt_owner.c index c8677a8c..54d841c6 100644 --- a/extensions/libxt_owner.c +++ b/extensions/libxt_owner.c @@ -19,6 +19,11 @@ #include #include +/* + * Note: "UINT32_MAX - 1" is used in the code because -1 is a reserved + * UID/GID value anyway. + */ + enum { FLAG_UID_OWNER = 1 << 0, FLAG_GID_OWNER = 1 << 1, @@ -110,7 +115,7 @@ owner_mt_parse_v0(int c, char **argv, int invert, unsigned int *flags, param_act(P_ONLY_ONCE, "owner", "--uid-owner", *flags & FLAG_UID_OWNER); if ((pwd = getpwnam(optarg)) != NULL) id = pwd->pw_uid; - else if (!strtonum(optarg, NULL, &id, 0, UINT32_MAX - 1)) + else if (!xtables_strtoui(optarg, NULL, &id, 0, UINT32_MAX - 1)) param_act(P_BAD_VALUE, "owner", "--uid-owner", optarg); if (invert) info->invert |= IPT_OWNER_UID; @@ -123,7 +128,7 @@ owner_mt_parse_v0(int c, char **argv, int invert, unsigned int *flags, param_act(P_ONLY_ONCE, "owner", "--gid-owner", *flags & FLAG_GID_OWNER); if ((grp = getgrnam(optarg)) != NULL) id = grp->gr_gid; - else if (!strtonum(optarg, NULL, &id, 0, UINT32_MAX - 1)) + else if (!xtables_strtoui(optarg, NULL, &id, 0, UINT32_MAX - 1)) param_act(P_BAD_VALUE, "owner", "--gid-owner", optarg); if (invert) info->invert |= IPT_OWNER_GID; @@ -134,7 +139,7 @@ owner_mt_parse_v0(int c, char **argv, int invert, unsigned int *flags, case 'p': param_act(P_ONLY_ONCE, "owner", "--pid-owner", *flags & FLAG_PID_OWNER); - if (!strtonum(optarg, NULL, &id, 0, INT_MAX)) + if (!xtables_strtoui(optarg, NULL, &id, 0, INT_MAX)) param_act(P_BAD_VALUE, "owner", "--pid-owner", optarg); if (invert) info->invert |= IPT_OWNER_PID; @@ -145,7 +150,7 @@ owner_mt_parse_v0(int c, char **argv, int invert, unsigned int *flags, case 's': param_act(P_ONLY_ONCE, "owner", "--sid-owner", *flags & FLAG_SID_OWNER); - if (!strtonum(optarg, NULL, &id, 0, INT_MAX)) + if (!xtables_strtoui(optarg, NULL, &id, 0, INT_MAX)) param_act(P_BAD_VALUE, "owner", "--sid-value", optarg); if (invert) info->invert |= IPT_OWNER_SID; @@ -190,7 +195,7 @@ owner_mt6_parse_v0(int c, char **argv, int invert, unsigned int *flags, *flags & FLAG_UID_OWNER); if ((pwd = getpwnam(optarg)) != NULL) id = pwd->pw_uid; - else if (!strtonum(optarg, NULL, &id, 0, UINT32_MAX - 1)) + else if (!xtables_strtoui(optarg, NULL, &id, 0, UINT32_MAX - 1)) param_act(P_BAD_VALUE, "owner", "--uid-owner", optarg); if (invert) info->invert |= IP6T_OWNER_UID; @@ -204,7 +209,7 @@ owner_mt6_parse_v0(int c, char **argv, int invert, unsigned int *flags, *flags & FLAG_GID_OWNER); if ((grp = getgrnam(optarg)) != NULL) id = grp->gr_gid; - else if (!strtonum(optarg, NULL, &id, 0, UINT32_MAX - 1)) + else if (!xtables_strtoui(optarg, NULL, &id, 0, UINT32_MAX - 1)) param_act(P_BAD_VALUE, "owner", "--gid-owner", optarg); if (invert) info->invert |= IP6T_OWNER_GID; @@ -216,7 +221,7 @@ owner_mt6_parse_v0(int c, char **argv, int invert, unsigned int *flags, case 'p': param_act(P_ONLY_ONCE, "owner", "--pid-owner", *flags & FLAG_PID_OWNER); - if (!strtonum(optarg, NULL, &id, 0, INT_MAX)) + if (!xtables_strtoui(optarg, NULL, &id, 0, INT_MAX)) param_act(P_BAD_VALUE, "owner", "--pid-owner", optarg); if (invert) info->invert |= IP6T_OWNER_PID; @@ -228,7 +233,7 @@ owner_mt6_parse_v0(int c, char **argv, int invert, unsigned int *flags, case 's': param_act(P_ONLY_ONCE, "owner", "--sid-owner", *flags & FLAG_SID_OWNER); - if (!strtonum(optarg, NULL, &id, 0, INT_MAX)) + if (!xtables_strtoui(optarg, NULL, &id, 0, INT_MAX)) param_act(P_BAD_VALUE, "owner", "--sid-owner", optarg); if (invert) info->invert |= IP6T_OWNER_SID; @@ -246,11 +251,11 @@ static void owner_parse_range(const char *s, unsigned int *from, char *end; /* -1 is reversed, so the max is one less than that. */ - if (!strtonum(s, &end, from, 0, UINT32_MAX - 1)) + if (!xtables_strtoui(s, &end, from, 0, UINT32_MAX - 1)) param_act(P_BAD_VALUE, "owner", opt, s); *to = *from; if (*end == '-' || *end == ':') - if (!strtonum(end + 1, &end, to, 0, UINT32_MAX - 1)) + if (!xtables_strtoui(end + 1, &end, to, 0, UINT32_MAX - 1)) param_act(P_BAD_VALUE, "owner", opt, s); if (*end != '\0') param_act(P_BAD_VALUE, "owner", opt, s); -- cgit v1.2.3 From a41545ca7cde43e0ba53260ba74bd9bf74025a68 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 27 Jan 2009 21:27:19 +0100 Subject: libxtables: prefix/order - param_act Changes: exittype -> xtables_exittype P_* -> XTF_* flags Signed-off-by: Jan Engelhardt --- extensions/libxt_owner.c | 46 +++++++++++++++++++++++----------------------- 1 file changed, 23 insertions(+), 23 deletions(-) (limited to 'extensions/libxt_owner.c') diff --git a/extensions/libxt_owner.c b/extensions/libxt_owner.c index 54d841c6..bf26f35c 100644 --- a/extensions/libxt_owner.c +++ b/extensions/libxt_owner.c @@ -112,11 +112,11 @@ owner_mt_parse_v0(int c, char **argv, int invert, unsigned int *flags, switch (c) { case 'u': - param_act(P_ONLY_ONCE, "owner", "--uid-owner", *flags & FLAG_UID_OWNER); + xtables_param_act(XTF_ONLY_ONCE, "owner", "--uid-owner", *flags & FLAG_UID_OWNER); if ((pwd = getpwnam(optarg)) != NULL) id = pwd->pw_uid; else if (!xtables_strtoui(optarg, NULL, &id, 0, UINT32_MAX - 1)) - param_act(P_BAD_VALUE, "owner", "--uid-owner", optarg); + xtables_param_act(XTF_BAD_VALUE, "owner", "--uid-owner", optarg); if (invert) info->invert |= IPT_OWNER_UID; info->match |= IPT_OWNER_UID; @@ -125,11 +125,11 @@ owner_mt_parse_v0(int c, char **argv, int invert, unsigned int *flags, return true; case 'g': - param_act(P_ONLY_ONCE, "owner", "--gid-owner", *flags & FLAG_GID_OWNER); + xtables_param_act(XTF_ONLY_ONCE, "owner", "--gid-owner", *flags & FLAG_GID_OWNER); if ((grp = getgrnam(optarg)) != NULL) id = grp->gr_gid; else if (!xtables_strtoui(optarg, NULL, &id, 0, UINT32_MAX - 1)) - param_act(P_BAD_VALUE, "owner", "--gid-owner", optarg); + xtables_param_act(XTF_BAD_VALUE, "owner", "--gid-owner", optarg); if (invert) info->invert |= IPT_OWNER_GID; info->match |= IPT_OWNER_GID; @@ -138,9 +138,9 @@ owner_mt_parse_v0(int c, char **argv, int invert, unsigned int *flags, return true; case 'p': - param_act(P_ONLY_ONCE, "owner", "--pid-owner", *flags & FLAG_PID_OWNER); + xtables_param_act(XTF_ONLY_ONCE, "owner", "--pid-owner", *flags & FLAG_PID_OWNER); if (!xtables_strtoui(optarg, NULL, &id, 0, INT_MAX)) - param_act(P_BAD_VALUE, "owner", "--pid-owner", optarg); + xtables_param_act(XTF_BAD_VALUE, "owner", "--pid-owner", optarg); if (invert) info->invert |= IPT_OWNER_PID; info->match |= IPT_OWNER_PID; @@ -149,9 +149,9 @@ owner_mt_parse_v0(int c, char **argv, int invert, unsigned int *flags, return true; case 's': - param_act(P_ONLY_ONCE, "owner", "--sid-owner", *flags & FLAG_SID_OWNER); + xtables_param_act(XTF_ONLY_ONCE, "owner", "--sid-owner", *flags & FLAG_SID_OWNER); if (!xtables_strtoui(optarg, NULL, &id, 0, INT_MAX)) - param_act(P_BAD_VALUE, "owner", "--sid-value", optarg); + xtables_param_act(XTF_BAD_VALUE, "owner", "--sid-value", optarg); if (invert) info->invert |= IPT_OWNER_SID; info->match |= IPT_OWNER_SID; @@ -161,7 +161,7 @@ owner_mt_parse_v0(int c, char **argv, int invert, unsigned int *flags, #ifdef IPT_OWNER_COMM case 'c': - param_act(P_ONLY_ONCE, "owner", "--cmd-owner", *flags & FLAG_COMM); + xtables_param_act(XTF_ONLY_ONCE, "owner", "--cmd-owner", *flags & FLAG_COMM); if (strlen(optarg) > sizeof(info->comm)) exit_error(PARAMETER_PROBLEM, "owner match: command " "\"%s\" too long, max. %zu characters", @@ -191,12 +191,12 @@ owner_mt6_parse_v0(int c, char **argv, int invert, unsigned int *flags, switch (c) { case 'u': - param_act(P_ONLY_ONCE, "owner", "--uid-owner", + xtables_param_act(XTF_ONLY_ONCE, "owner", "--uid-owner", *flags & FLAG_UID_OWNER); if ((pwd = getpwnam(optarg)) != NULL) id = pwd->pw_uid; else if (!xtables_strtoui(optarg, NULL, &id, 0, UINT32_MAX - 1)) - param_act(P_BAD_VALUE, "owner", "--uid-owner", optarg); + xtables_param_act(XTF_BAD_VALUE, "owner", "--uid-owner", optarg); if (invert) info->invert |= IP6T_OWNER_UID; info->match |= IP6T_OWNER_UID; @@ -205,12 +205,12 @@ owner_mt6_parse_v0(int c, char **argv, int invert, unsigned int *flags, return true; case 'g': - param_act(P_ONLY_ONCE, "owner", "--gid-owner", + xtables_param_act(XTF_ONLY_ONCE, "owner", "--gid-owner", *flags & FLAG_GID_OWNER); if ((grp = getgrnam(optarg)) != NULL) id = grp->gr_gid; else if (!xtables_strtoui(optarg, NULL, &id, 0, UINT32_MAX - 1)) - param_act(P_BAD_VALUE, "owner", "--gid-owner", optarg); + xtables_param_act(XTF_BAD_VALUE, "owner", "--gid-owner", optarg); if (invert) info->invert |= IP6T_OWNER_GID; info->match |= IP6T_OWNER_GID; @@ -219,10 +219,10 @@ owner_mt6_parse_v0(int c, char **argv, int invert, unsigned int *flags, return true; case 'p': - param_act(P_ONLY_ONCE, "owner", "--pid-owner", + xtables_param_act(XTF_ONLY_ONCE, "owner", "--pid-owner", *flags & FLAG_PID_OWNER); if (!xtables_strtoui(optarg, NULL, &id, 0, INT_MAX)) - param_act(P_BAD_VALUE, "owner", "--pid-owner", optarg); + xtables_param_act(XTF_BAD_VALUE, "owner", "--pid-owner", optarg); if (invert) info->invert |= IP6T_OWNER_PID; info->match |= IP6T_OWNER_PID; @@ -231,10 +231,10 @@ owner_mt6_parse_v0(int c, char **argv, int invert, unsigned int *flags, return true; case 's': - param_act(P_ONLY_ONCE, "owner", "--sid-owner", + xtables_param_act(XTF_ONLY_ONCE, "owner", "--sid-owner", *flags & FLAG_SID_OWNER); if (!xtables_strtoui(optarg, NULL, &id, 0, INT_MAX)) - param_act(P_BAD_VALUE, "owner", "--sid-owner", optarg); + xtables_param_act(XTF_BAD_VALUE, "owner", "--sid-owner", optarg); if (invert) info->invert |= IP6T_OWNER_SID; info->match |= IP6T_OWNER_SID; @@ -252,13 +252,13 @@ static void owner_parse_range(const char *s, unsigned int *from, /* -1 is reversed, so the max is one less than that. */ if (!xtables_strtoui(s, &end, from, 0, UINT32_MAX - 1)) - param_act(P_BAD_VALUE, "owner", opt, s); + xtables_param_act(XTF_BAD_VALUE, "owner", opt, s); *to = *from; if (*end == '-' || *end == ':') if (!xtables_strtoui(end + 1, &end, to, 0, UINT32_MAX - 1)) - param_act(P_BAD_VALUE, "owner", opt, s); + xtables_param_act(XTF_BAD_VALUE, "owner", opt, s); if (*end != '\0') - param_act(P_BAD_VALUE, "owner", opt, s); + xtables_param_act(XTF_BAD_VALUE, "owner", opt, s); } static int owner_mt_parse(int c, char **argv, int invert, unsigned int *flags, @@ -271,7 +271,7 @@ static int owner_mt_parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case 'u': - param_act(P_ONLY_ONCE, "owner", "--uid-owner", + xtables_param_act(XTF_ONLY_ONCE, "owner", "--uid-owner", *flags & FLAG_UID_OWNER); if ((pwd = getpwnam(optarg)) != NULL) from = to = pwd->pw_uid; @@ -286,7 +286,7 @@ static int owner_mt_parse(int c, char **argv, int invert, unsigned int *flags, return true; case 'g': - param_act(P_ONLY_ONCE, "owner", "--gid-owner", + xtables_param_act(XTF_ONLY_ONCE, "owner", "--gid-owner", *flags & FLAG_GID_OWNER); if ((grp = getgrnam(optarg)) != NULL) from = to = grp->gr_gid; @@ -301,7 +301,7 @@ static int owner_mt_parse(int c, char **argv, int invert, unsigned int *flags, return true; case 'k': - param_act(P_ONLY_ONCE, "owner", "--socket-exists", + xtables_param_act(XTF_ONLY_ONCE, "owner", "--socket-exists", *flags & FLAG_SOCKET_EXISTS); if (invert) info->invert |= XT_OWNER_SOCKET; -- cgit v1.2.3