nfacct: check for too many arguments

More robust behaviour, display error if you pass more arguments
than require.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

1 files changed, 18 insertions, 3 deletions

diff --git a/src/nfacct.c b/src/nfacct.c
index e282b82..9d1c123 100644
--- a/src/nfacct.c
+++ b/src/nfacct.c
@@ -150,6 +150,9 @@ static int nfacct_cmd_list(int argc, char *argv[])
 		if (strncmp(argv[2], "reset", strlen(argv[2])) == 0) {
 			zeroctr = true;
 		}
+	} else if (argc > 3) {
+		nfacct_perror("too many arguments");
+		return -1;
 	}
 
 	seq = time(NULL);
@@ -203,6 +206,9 @@ static int nfacct_cmd_add(int argc, char *argv[])
 	if (argc < 3) {
 		nfacct_perror("missing object name");
 		return -1;
+	} else if (argc > 3) {
+		nfacct_perror("too many arguments");
+		return -1;
 	}
 
 	nfacct = nfacct_alloc();
@@ -265,6 +271,9 @@ static int nfacct_cmd_delete(int argc, char *argv[])
 	if (argc < 3) {
 		nfacct_perror("missing object name");
 		return -1;
+	} else if (argc > 3) {
+		nfacct_perror("too many arguments");
+		return -1;
 	}
 
 	nfacct = nfacct_alloc();
@@ -329,12 +338,13 @@ static int nfacct_cmd_get(int argc, char *argv[])
 	if (argc < 3) {
 		nfacct_perror("missing object name");
 		return -1;
-	}
-
-	if (argc == 4) {
+	} else if (argc == 4) {
 		if (strncmp(argv[3], "reset", strlen(argv[3])) == 0) {
 			zeroctr = true;
 		}
+	} else if (argc > 4) {
+		nfacct_perror("too many arguments");
+		return -1;
 	}
 
 	nfacct = nfacct_alloc();
@@ -395,6 +405,11 @@ static int nfacct_cmd_flush(int argc, char *argv[])
 	uint32_t portid, seq;
 	int ret;
 
+	if (argc > 2) {
+		nfacct_perror("too many arguments");
+		return -1;
+	}
+
 	seq = time(NULL);
 	nlh = nfacct_nlmsg_build_hdr(buf, NFNL_MSG_ACCT_DEL, NLM_F_ACK, seq);