xshared: Share a common add_command() implementation

The shared definition of cmdflags is a super set of the previous one in
xtables-arp.c so while not being identical, they're compatible.

Avoid accidental array overstep in cmd2char() by incrementing an index
variable and checking its final value before using it as such.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
index ee463c958686245da578a987ddd0601f97952a5a..9a9d71f1cdadcaa2d2d08528f744964d66f1b150 100644 (file)
--- a/iptables/ip6tables.c
+++ b/iptables/ip6tables.c
@@ -69,8 +69,6 @@
 #define CMD_ZERO_NUM           0x2000U
 #define CMD_CHECK              0x4000U
 #define NUMBER_OF_CMD  16
-static const char cmdflags[] = { 'I', 'D', 'D', 'R', 'A', 'L', 'F', 'Z',
-                                'N', 'X', 'P', 'E', 'S', 'Z', 'C' };
 
 #define NUMBER_OF_OPT  ARRAY_SIZE(optflags)
 static const char optflags[]
@@ -336,27 +334,6 @@ opt2char(int option)
        return *ptr;
 }
 
-static char
-cmd2char(int option)
-{
-       const char *ptr;
-       for (ptr = cmdflags; option > 1; option >>= 1, ptr++);
-
-       return *ptr;
-}
-
-static void
-add_command(unsigned int *cmd, const int newcmd, const int othercmds,
-           int invert)
-{
-       if (invert)
-               xtables_error(PARAMETER_PROBLEM, "unexpected '!' flag");
-       if (*cmd & (~othercmds))
-               xtables_error(PARAMETER_PROBLEM, "Cannot use -%c with -%c\n",
-                          cmd2char(newcmd), cmd2char(*cmd & (~othercmds)));
-       *cmd |= newcmd;
-}
-
 /*
  *     All functions starting with "parse" should succeed, otherwise
  *     the program fails.

diff --git a/iptables/iptables.c b/iptables/iptables.c
index 544e87596e7e45787d88a3bde67ee16f6679321b..5fec25376c24f8742cead8eaf20b5a444a0a7058 100644 (file)
--- a/iptables/iptables.c
+++ b/iptables/iptables.c
@@ -65,8 +65,6 @@
 #define CMD_ZERO_NUM           0x2000U
 #define CMD_CHECK              0x4000U
 #define NUMBER_OF_CMD  16
-static const char cmdflags[] = { 'I', 'D', 'D', 'R', 'A', 'L', 'F', 'Z',
-                                'N', 'X', 'P', 'E', 'S', 'Z', 'C' };
 
 #define OPT_FRAGMENT    0x00800U
 #define NUMBER_OF_OPT  ARRAY_SIZE(optflags)
@@ -335,27 +333,6 @@ opt2char(int option)
        return *ptr;
 }
 
-static char
-cmd2char(int option)
-{
-       const char *ptr;
-       for (ptr = cmdflags; option > 1; option >>= 1, ptr++);
-
-       return *ptr;
-}
-
-static void
-add_command(unsigned int *cmd, const int newcmd, const int othercmds, 
-           int invert)
-{
-       if (invert)
-               xtables_error(PARAMETER_PROBLEM, "unexpected ! flag");
-       if (*cmd & (~othercmds))
-               xtables_error(PARAMETER_PROBLEM, "Cannot use -%c with -%c\n",
-                          cmd2char(newcmd), cmd2char(*cmd & (~othercmds)));
-       *cmd |= newcmd;
-}
-
 /*
  *     All functions starting with "parse" should succeed, otherwise
  *     the program fails.

diff --git a/iptables/xshared.c b/iptables/xshared.c
index 97f1b5d22fdbede092a9bf1fdcee7c7259c0ca05..3baa805c64e6d668fbb8160294c3cfc537dd9e79 100644 (file)
--- a/iptables/xshared.c
+++ b/iptables/xshared.c
@@ -732,3 +732,30 @@ void command_jump(struct iptables_command_state *cs, const char *jumpto)
                xtables_error(OTHER_PROBLEM, "can't alloc memory!");
        xt_params->opts = opts;
 }
+
+char cmd2char(int option)
+{
+       /* cmdflags index corresponds with position of bit in CMD_* values */
+       static const char cmdflags[] = { 'I', 'D', 'D', 'R', 'A', 'L', 'F', 'Z',
+                                        'N', 'X', 'P', 'E', 'S', 'Z', 'C' };
+       int i;
+
+       for (i = 0; option > 1; option >>= 1, i++)
+               ;
+       if (i >= ARRAY_SIZE(cmdflags))
+               xtables_error(OTHER_PROBLEM,
+                             "cmd2char(): Invalid command number %u.\n",
+                             1 << i);
+       return cmdflags[i];
+}
+
+void add_command(unsigned int *cmd, const int newcmd,
+                const int othercmds, int invert)
+{
+       if (invert)
+               xtables_error(PARAMETER_PROBLEM, "unexpected '!' flag");
+       if (*cmd & (~othercmds))
+               xtables_error(PARAMETER_PROBLEM, "Cannot use -%c with -%c\n",
+                          cmd2char(newcmd), cmd2char(*cmd & (~othercmds)));
+       *cmd |= newcmd;
+}

diff --git a/iptables/xshared.h b/iptables/xshared.h
index 64b7e8fc4b6902d140f31929014884a816d6e9ea..0b9b357c7bdaa4933e3c4933dbc4ac0e1302da1a 100644 (file)
--- a/iptables/xshared.h
+++ b/iptables/xshared.h
@@ -183,4 +183,8 @@ void command_match(struct iptables_command_state *cs);
 const char *xt_parse_target(const char *targetname);
 void command_jump(struct iptables_command_state *cs, const char *jumpto);
 
+char cmd2char(int option);
+void add_command(unsigned int *cmd, const int newcmd,
+                const int othercmds, int invert);
+
 #endif /* IPTABLES_XSHARED_H */

diff --git a/iptables/xtables-arp.c b/iptables/xtables-arp.c
index 8503f47fe2afeae4268600cd42a814121c0ec277..584b6f0646821fe336d7f475211c6cfe1a14bc1f 100644 (file)
--- a/iptables/xtables-arp.c
+++ b/iptables/xtables-arp.c
@@ -81,8 +81,6 @@ typedef char arpt_chainlabel[32];
 #define CMD_CHECK              0x0800U
 #define CMD_RENAME_CHAIN       0x1000U
 #define NUMBER_OF_CMD  13
-static const char cmdflags[] = { 'I', 'D', 'D', 'R', 'A', 'L', 'F', 'Z',
-                                'N', 'X', 'P', 'E' };
 
 #define OPTION_OFFSET 256
 
@@ -462,26 +460,6 @@ opt2char(int option)
        return *ptr;
 }
 
-static char
-cmd2char(int option)
-{
-       const char *ptr;
-       for (ptr = cmdflags; option > 1; option >>= 1, ptr++);
-
-       return *ptr;
-}
-
-static void
-add_command(unsigned int *cmd, const int newcmd, const unsigned int othercmds, int invert)
-{
-       if (invert)
-               xtables_error(PARAMETER_PROBLEM, "unexpected ! flag");
-       if (*cmd & (~othercmds))
-               xtables_error(PARAMETER_PROBLEM, "Can't use -%c with -%c\n",
-                             cmd2char(newcmd), cmd2char(*cmd & (~othercmds)));
-       *cmd |= newcmd;
-}
-
 static int
 check_inverse(const char option[], int *invert, int *optidx, int argc)
 {

diff --git a/iptables/xtables.c b/iptables/xtables.c
index 8a9e0edc3bea2c57dbda067293e5f2cb986af9cc..6dfa3f1171183a4a66db6ea06846a69b89366493 100644 (file)
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -51,8 +51,6 @@
 #endif
 
 #define NUMBER_OF_CMD  16
-static const char cmdflags[] = { 'I', 'D', 'D', 'R', 'A', 'L', 'F', 'Z',
-                                'N', 'X', 'P', 'E', 'S', 'Z', 'C' };
 
 #define OPT_FRAGMENT   0x00800U
 #define NUMBER_OF_OPT  ARRAY_SIZE(optflags)
@@ -319,27 +317,6 @@ opt2char(int option)
        return *ptr;
 }
 
-static char
-cmd2char(int option)
-{
-       const char *ptr;
-       for (ptr = cmdflags; option > 1; option >>= 1, ptr++);
-
-       return *ptr;
-}
-
-static void
-add_command(unsigned int *cmd, const int newcmd, const int othercmds,
-           int invert)
-{
-       if (invert)
-               xtables_error(PARAMETER_PROBLEM, "unexpected ! flag");
-       if (*cmd & (~othercmds))
-               xtables_error(PARAMETER_PROBLEM, "Cannot use -%c with -%c\n",
-                          cmd2char(newcmd), cmd2char(*cmd & (~othercmds)));
-       *cmd |= newcmd;
-}
-
 /*
  *     All functions starting with "parse" should succeed, otherwise
  *     the program fails.