From d0cbf5f34d3421064eb0fbbcdc6b90cda4e81f2d Mon Sep 17 00:00:00 2001
From: Jan Engelhardt <jengelh@medozas.de>
Date: Mon, 4 Aug 2008 12:51:01 +0200
Subject: iptables-restore: fix segmentation fault with -tanything

Reference: Debian bug #458042

iptables-restore must not pass a table into do_command. It checks for
"-t arg" and "--table arg", but not "-targ". (On a related note,
using -targ does not work as expected).

This should fail gracefully, but crashes:

	iptables-restore <(echo -e '*filter\n-A INPUT -tx\nCOMMIT')

And this should use table "filter", or perhaps raise an error, but
instead sets the table to (literally) "-tfilter":

	iptables -tfilter -A INPUT

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
 ip6tables-restore.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'ip6tables-restore.c')

diff --git a/ip6tables-restore.c b/ip6tables-restore.c
index cd6dd032..f51e38f1 100644
--- a/ip6tables-restore.c
+++ b/ip6tables-restore.c
@@ -406,7 +406,7 @@ int main(int argc, char *argv[])
 					param_buffer[param_len] = '\0';
 
 					/* check if table name specified */
-					if (!strncmp(param_buffer, "-t", 3)
+					if (!strncmp(param_buffer, "-t", 2)
                                             || !strncmp(param_buffer, "--table", 8)) {
 						exit_error(PARAMETER_PROBLEM,
 						   "Line %u seems to have a "
-- 
cgit v1.2.3