From fa503ad59f73d20d85f4cdf53324a01d2ad8591e Mon Sep 17 00:00:00 2001
From: Jan Engelhardt <jengelh@medozas.de>
Date: Sat, 8 Jan 2011 02:47:02 +0100
Subject: ip[6]tables: only call target's parse function when option char is in
 range

Same as previous commit. Doing this actually allows to remove code
that is no longer needed.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 ip6tables.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'ip6tables.c')

diff --git a/ip6tables.c b/ip6tables.c
index 4ca4bfec..d4c2339b 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -1706,6 +1706,8 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
 
 		default:
 			if (target == NULL || target->parse == NULL ||
+			    c < target->option_offset ||
+			    c >= target->option_offset + XT_OPTION_OFFSET_SCALE ||
 			    !target->parse(c - target->option_offset,
 					       argv, invert,
 					       &target->tflags,
-- 
cgit v1.2.3