iptables: correctly check for too-long chain/target/match names
authorJan Engelhardt <jengelh@medozas.de>
Tue, 16 Mar 2010 15:49:21 +0000 (16:49 +0100)
committerJan Engelhardt <jengelh@medozas.de>
Tue, 16 Mar 2010 16:54:26 +0000 (17:54 +0100)
* iptables-restore was not checking for chain name length
* iptables was not checking for match name length
* target length was checked against 32, not 29.

References: http://bugzilla.netfilter.org/show_bug.cgi?id=641
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ip6tables-restore.c
ip6tables.c
iptables-restore.c
iptables.c
xtables.c

index d0efbeed73f23d59683f29e0f255323c1b6eefa8..f0725d1e5c0659273c93de2e712b90642562dfba 100644 (file)
@@ -253,6 +253,12 @@ int main(int argc, char *argv[])
                                exit(1);
                        }
 
+                       if (strlen(chain) > XT_FUNCTION_MAXNAMELEN - 1)
+                               xtables_error(PARAMETER_PROBLEM,
+                                          "Invalid chain name `%s' "
+                                          "(%u chars max)",
+                                          chain, XT_FUNCTION_MAXNAMELEN - 1);
+
                        if (ip6tc_builtin(chain, handle) <= 0) {
                                if (noflush && ip6tc_is_chain(chain, handle)) {
                                        DEBUGP("Flushing existing user defined chain '%s'\n", chain);
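Review bot: The five-line chain-name check inserted before `ip6tc_builtin` is repeated verbatim in the iptables-restore.c hunk, and the parse_target hunks in ip6tables.c and iptables.c carry the same comparison and message with only the noun changed, so four copies of one limit now have to be kept in step by hand. Since the commit already puts the match-name check into xtables.c, a single exported helper there taking the kind of object and the name, called from both restore programs and both parse_target functions, would keep the bound and the wording in one place. The check is otherwise right: `XT_FUNCTION_MAXNAMELEN - 1` leaves room for the terminator and runs before the name is handed to libiptc. main continues outside the hunk.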
index e2359dfe4700a2738b92408ef3913e30dd4acd15..6ee42819d580406a2782db0e26cdf1804a8cc90f 100644 (file)
@@ -456,10 +456,10 @@ parse_target(const char *targetname)
                xtables_error(PARAMETER_PROBLEM,
                           "Invalid target name (too short)");
 
-       if (strlen(targetname)+1 > sizeof(ip6t_chainlabel))
+       if (strlen(targetname) > XT_FUNCTION_MAXNAMELEN - 1)
                xtables_error(PARAMETER_PROBLEM,
                           "Invalid target name `%s' (%u chars max)",
-                          targetname, (unsigned int)sizeof(ip6t_chainlabel)-1);
+                          targetname, XT_FUNCTION_MAXNAMELEN - 1);
 
        for (ptr = targetname; *ptr; ptr++)
                if (isspace(*ptr))
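Review bot: The replacement argument line drops the `(unsigned int)` cast that the removed line carried, so `%u` is now fed `XT_FUNCTION_MAXNAMELEN - 1`, which is a plain `int` if the macro expands to an unsuffixed literal as it does in the kernel's x_tables.h; the mismatch is tolerated on every ABI this code targets but is a signed/unsigned format mismatch under the strict C rules. Keeping the cast, `targetname, (unsigned int)(XT_FUNCTION_MAXNAMELEN - 1));`, preserves the original's discipline. The same applies to the identical hunk in iptables.c and to the new messages in ip6tables-restore.c, iptables-restore.c and xtables.c. parse_target continues outside the hunk.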
index 86d63e28778c23e38797bac425fc8338451fbe5e..4a74485c97d9fca9d6088b6519db546d3dd9c227 100644 (file)
@@ -259,6 +259,12 @@ main(int argc, char *argv[])
                                exit(1);
                        }
 
+                       if (strlen(chain) > XT_FUNCTION_MAXNAMELEN - 1)
+                               xtables_error(PARAMETER_PROBLEM,
+                                          "Invalid chain name `%s' "
+                                          "(%u chars max)",
+                                          chain, XT_FUNCTION_MAXNAMELEN - 1);
+
                        if (iptc_builtin(chain, handle) <= 0) {
                                if (noflush && iptc_is_chain(chain, handle)) {
                                        DEBUGP("Flushing existing user defined chain '%s'\n", chain);
index 08eb1345f220617789a06e3f1c7a24597a643512..25bc8cc6acb5053e40019be751ff921ea2508de3 100644 (file)
@@ -460,10 +460,10 @@ parse_target(const char *targetname)
                xtables_error(PARAMETER_PROBLEM,
                           "Invalid target name (too short)");
 
-       if (strlen(targetname)+1 > sizeof(ipt_chainlabel))
+       if (strlen(targetname) > XT_FUNCTION_MAXNAMELEN - 1)
                xtables_error(PARAMETER_PROBLEM,
                           "Invalid target name `%s' (%u chars max)",
-                          targetname, (unsigned int)sizeof(ipt_chainlabel)-1);
+                          targetname, XT_FUNCTION_MAXNAMELEN - 1);
 
        for (ptr = targetname; *ptr; ptr++)
                if (isspace(*ptr))
index f3baf84d2fd557ce63914bea823c04e1d0db92d5..7340c87a3f1315ef9149656eb09e35bae45e2ae6 100644 (file)
--- a/xtables.c
+++ b/xtables.c
@@ -545,6 +545,11 @@ xtables_find_match(const char *name, enum xtables_tryload tryload,
        struct xtables_match *ptr;
        const char *icmp6 = "icmp6";
 
+       if (strlen(name) > XT_FUNCTION_MAXNAMELEN - 1)
+               xtables_error(PARAMETER_PROBLEM,
+                          "Invalid match name \"%s\" (%u chars max)",
+                          name, XT_FUNCTION_MAXNAMELEN - 1);
+
        /* This is ugly as hell. Nonetheless, there is no way of changing
         * this without hurting backwards compatibility */
        if ( (strcmp(name,"icmpv6") == 0) ||
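Review bot: The new message wraps the name in double quotes (`\"%s\"`) while the chain and target messages in the other four hunks wrap it in a backtick and an apostrophe, so the same commit emits two quoting styles for the same kind of error; one form throughout, e.g. ``"Invalid match name `%s' (%u chars max)",``, keeps the output greppable. Placing the check ahead of the icmpv6 aliasing below means every name that reaches the strcmp chain and the later lookups has already been bounded to XT_FUNCTION_MAXNAMELEN - 1 bytes, which is the right spot for it. The check relies on `name` being non-NULL, as the strcmp on the last visible line already did. xtables_find_match continues outside the hunk.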