]> git.ipfire.org Git - thirdparty/iptables.git/commitdiff
nft: fix crash when getprotobynumber() returns 0
authorFlorian Westphal <fw@strlen.de>
Fri, 13 Apr 2018 17:19:57 +0000 (19:19 +0200)
committerFlorian Westphal <fw@strlen.de>
Fri, 13 Apr 2018 18:05:51 +0000 (20:05 +0200)
This needs to first check if pent is NULL.

Signed-off-by: Florian Westphal <fw@strlen.de>
iptables/nft-ipv4.c
iptables/nft-ipv6.c

index b779aef5c086babb2aae75b7a9f9b9008a8e3370..26d0d36c4749259687ee2c633d0a3d0180d567ce 100644 (file)
@@ -460,15 +460,17 @@ static int nft_ipv4_xlate(const void *data, struct xt_xlate *xl)
                const struct protoent *pent =
                        getprotobynumber(cs->fw.ip.proto);
                char protonum[sizeof("65535")];
+               const char *name = protonum;
 
-               if (!xlate_find_match(cs, pent->p_name)) {
-                       snprintf(protonum, sizeof(protonum), "%u",
-                                cs->fw.ip.proto);
-                       protonum[sizeof(protonum) - 1] = '\0';
+               snprintf(protonum, sizeof(protonum), "%u",
+                        cs->fw.ip.proto);
+
+               if (!pent || !xlate_find_match(cs, pent->p_name)) {
+                       if (pent)
+                               name = pent->p_name;
                        xt_xlate_add(xl, "ip protocol %s%s ",
                                   cs->fw.ip.invflags & IPT_INV_PROTO ?
-                                       "!= " : "",
-                                  pent ? pent->p_name : protonum);
+                                       "!= " : "", name);
                }
        }
 
index 1be49dd3002790eaa366969214d662389a55e04d..af5254226264665d0a4a800aff227a1b2db25bcd 100644 (file)
@@ -417,16 +417,19 @@ static int nft_ipv6_xlate(const void *data, struct xt_xlate *xl)
                const struct protoent *pent =
                        getprotobynumber(cs->fw6.ipv6.proto);
                char protonum[sizeof("65535")];
+               const char *name = protonum;
 
-               if (!xlate_find_match(cs, pent->p_name)) {
-                       snprintf(protonum, sizeof(protonum), "%u",
-                                cs->fw6.ipv6.proto);
-                       protonum[sizeof(protonum) - 1] = '\0';
+               snprintf(protonum, sizeof(protonum), "%u",
+                        cs->fw6.ipv6.proto);
+
+               if (!pent || !xlate_find_match(cs, pent->p_name)) {
+                       if (pent)
+                               name = pent->p_name;
                        xt_xlate_add(xl, "meta l4proto %s%s ",
                                   cs->fw6.ipv6.invflags & IP6T_INV_PROTO ?
-                                       "!= " : "",
-                                  pent ? pent->p_name : protonum);
+                                       "!= " : "", name);
                }
+
        }
 
        xlate_ipv6_addr("ip6 saddr", &cs->fw6.ipv6.src, &cs->fw6.ipv6.smsk,