From a2911408959d7e86bc4bad4f1be2551a19ad125c Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Tue, 9 Apr 2024 13:18:12 +0200 Subject: xshared: Fix parsing of empty string arg in '-c' option Calling iptables with '-c ""' resulted in a call to strchr() with an invalid pointer as 'optarg + 1' points to past the buffer. The most simple fix is to drop the offset: The global optstring part specifies a single colon after 'c', so getopt() enforces a valid pointer in optarg. If it contains a comma at first position, packet counter value parsing will fail so all cases are covered. Reported-by: gorbanev.es@gmail.com Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1741 Fixes: 60a6073690a45 ("Make --set-counters (-c) accept comma separated counters") Signed-off-by: Phil Sutter --- iptables/xshared.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'iptables/xshared.c') diff --git a/iptables/xshared.c b/iptables/xshared.c index b998dd75..b1997ea3 100644 --- a/iptables/xshared.c +++ b/iptables/xshared.c @@ -1885,7 +1885,7 @@ void do_parse(int argc, char *argv[], set_option(p->ops, &cs->options, OPT_COUNTERS, &args->invflags, invert); args->pcnt = optarg; - args->bcnt = strchr(args->pcnt + 1, ','); + args->bcnt = strchr(args->pcnt, ','); if (args->bcnt) args->bcnt++; if (!args->bcnt && xs_has_arg(argc, argv)) -- cgit v1.2.3