From fa503ad59f73d20d85f4cdf53324a01d2ad8591e Mon Sep 17 00:00:00 2001
From: Jan Engelhardt <jengelh@medozas.de>
Date: Sat, 8 Jan 2011 02:47:02 +0100
Subject: ip[6]tables: only call target's parse function when option char is in
 range

Same as previous commit. Doing this actually allows to remove code
that is no longer needed.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 iptables.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'iptables.c')

diff --git a/iptables.c b/iptables.c
index bcacd49f..b45211a9 100644
--- a/iptables.c
+++ b/iptables.c
@@ -1738,6 +1738,8 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
 
 		default:
 			if (target == NULL || target->parse == NULL ||
+			    c < target->option_offset ||
+			    c >= target->option_offset + XT_OPTION_OFFSET_SCALE ||
 			    !target->parse(c - target->option_offset,
 					       argv, invert,
 					       &target->tflags,
-- 
cgit v1.2.3