iptables: limit chain name length to be consistent with targets
authorJan Engelhardt <jengelh@medozas.de>
Mon, 13 Sep 2010 13:45:15 +0000 (15:45 +0200)
committerJan Engelhardt <jengelh@medozas.de>
Mon, 13 Sep 2010 13:50:44 +0000 (15:50 +0200)
Creation of chain names longer than the ones that can be jumped to
should be inhibited for consistency.

References: http://marc.info/?l=netfilter-devel&m=128397022618316&w=2
Cc: Stig Thormodsrud <stig@vyatta.com>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ip6tables.c
iptables.c

index 6c5d124c0c9c188eb4ff05fdb42b0d268b3c6793..15067da2463a98fbd8cd8962323bb07c0b0df6d8 100644 (file)
@@ -1838,10 +1838,10 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
 
        generic_opt_check(command, options);
 
-       if (chain && strlen(chain) > IP6T_FUNCTION_MAXNAMELEN)
+       if (chain != NULL && strlen(chain) >= XT_EXTENSION_MAXNAMELEN)
                xtables_error(PARAMETER_PROBLEM,
-                          "chain name `%s' too long (must be under %i chars)",
-                          chain, IP6T_FUNCTION_MAXNAMELEN);
+                          "chain name `%s' too long (must be under %u chars)",
+                          chain, XT_EXTENSION_MAXNAMELEN);
 
        /* only allocate handle if we weren't called with a handle */
        if (!*handle)
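Review bot: The new `%u` conversion in the error message is paired with `XT_EXTENSION_MAXNAMELEN`, whose definition is not in this hunk; if it expands to a plain integer constant, the argument is an `int` and no longer matches the conversion, so either keep `%d` or pass `(unsigned int)XT_EXTENSION_MAXNAMELEN`. The move from `>` to `>=` presumably reserves room for the terminating NUL in a fixed-size name field, and that reasoning deserves a comment above the check, e.g. `/* a chain name must fit a jump-target name field, terminator included */`. Both remarks apply equally to the matching hunk in do_command() in iptables.c. do_command6() starts and ends outside the hunk.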
index 19f6d4fe3657d48aa368d9d6468389217c738446..840dd3e57d79122dde941b130f267a12413fa9a0 100644 (file)
@@ -1876,10 +1876,10 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
 
        generic_opt_check(command, options);
 
-       if (chain && strlen(chain) > IPT_FUNCTION_MAXNAMELEN)
+       if (chain != NULL && strlen(chain) >= XT_EXTENSION_MAXNAMELEN)
                xtables_error(PARAMETER_PROBLEM,
-                          "chain name `%s' too long (must be under %i chars)",
-                          chain, IPT_FUNCTION_MAXNAMELEN);
+                          "chain name `%s' too long (must be under %u chars)",
+                          chain, XT_EXTENSION_MAXNAMELEN);
 
        /* only allocate handle if we weren't called with a handle */
        if (!*handle)
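Review bot: This length check is a character-for-character copy of the one in do_command6() in ip6tables.c, and because it bounds a name before it is handed on, the two front ends should not be able to drift apart. Consider moving the comparison and the error message into one helper shared by both files, called as something like `check_chain_name_len(chain);` (hypothetical name), so that a later change to the limit lands in both. Whether other entry points that create or rename chains apply the same bound cannot be seen from this hunk and is worth checking. do_command() starts and ends outside the hunk.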