From a103fbfadf4c17b8b12caa57eef72deaaa71a18c Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Wed, 4 Dec 2019 09:56:06 +0100
Subject: xtables-restore: Fix parser feed from line buffer

When called with --noflush, xtables-restore would trip over chain lines:
Parser uses strtok() to separate chain name, policy and counters which
inserts nul-chars into the source string. Therefore strlen() can't be
used anymore to find end of line. Fix this by caching line length before
calling xtables_restore_parse_line().

Fixes: 09cb517949e69 ("xtables-restore: Improve performance of --noflush operation")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 iptables/xtables-restore.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'iptables/xtables-restore.c')

diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
index 2f0fe7d4..dd907e0b 100644
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -327,10 +327,12 @@ void xtables_restore_parse(struct nft_handle *h,
 	line = 0;
 	ptr = preload_buffer;
 	while (*ptr) {
+		size_t len = strlen(ptr);
+
 		h->error.lineno = ++line;
 		DEBUGP("%s: buffered line %d: '%s'\n", __func__, line, ptr);
 		xtables_restore_parse_line(h, p, &state, ptr);
-		ptr += strlen(ptr) + 1;
+		ptr += len + 1;
 	}
 	if (*buffer) {
 		h->error.lineno = ++line;
-- 
cgit v1.2.3