]> git.ipfire.org Git - thirdparty/iptables.git/commitdiff
projects / thirdparty / iptables.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 83ee6e1)
ebtables: Fix for broken chain renaming
authorPhil Sutter <phil@nwl.cc>
Tue, 17 Nov 2020 10:38:27 +0000 (11:38 +0100)
committerPhil Sutter <phil@nwl.cc>
Tue, 17 Nov 2020 11:52:09 +0000 (12:52 +0100)
Loading extensions pollutes 'errno' value, hence before using it to
indicate failure it should be sanitized. This was done by the called
function before the parsing/netlink split and not migrated by accident.
Move it into calling code to clarify the connection.

Fixes: a7f1e208cdf9c ("nft: split parsing from netlink commands")
Signed-off-by: Phil Sutter <phil@nwl.cc>
iptables/nft.c patch | blob | blame | history
iptables/tests/shell/testcases/ebtables/0001-ebtables-basic_0 patch | blob | blame | history
iptables/xtables-eb.c patch | blob | blame | history

diff --git a/iptables/nft.c b/iptables/nft.c
index 39882a443a97412dc37193680b7a5163fe495630..411e2597205c9225737ce202c5299133c10c6973 100644 (file)
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -1896,9 +1896,6 @@ int nft_chain_user_rename(struct nft_handle *h,const char *chain,
                return 0;
        }
 
-       /* Config load changed errno. Ensure genuine info for our callers. */
-       errno = 0;
-
        /* Find the old chain to be renamed */
        c = nft_chain_find(h, table, chain);
        if (c == NULL) {
diff --git a/iptables/tests/shell/testcases/ebtables/0001-ebtables-basic_0 b/iptables/tests/shell/testcases/ebtables/0001-ebtables-basic_0
index 0c1eb4ca66f52dcccff9ec0c2313525366dc111e..6f11bd12593dd5df7819da09502304818a62b59c 100755 (executable)
--- a/iptables/tests/shell/testcases/ebtables/0001-ebtables-basic_0
+++ b/iptables/tests/shell/testcases/ebtables/0001-ebtables-basic_0
@@ -86,4 +86,8 @@ if [ $? -eq 0 ]; then
        exit 1
 fi
 
+$XT_MULTI ebtables -t filter -E FOO BAZ || exit 1
+$XT_MULTI ebtables -t filter -L | grep -q FOO && exit 1
+$XT_MULTI ebtables -t filter -L | grep -q BAZ || exit 1
+
 $XT_MULTI ebtables -t $t -F || exit 0
diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c
index 6641a21a72d321a82effd0171fa7d308e316c101..5e4184b8e80def7a32e05f22b7b3ac7c5256c5d2 100644 (file)
--- a/iptables/xtables-eb.c
+++ b/iptables/xtables-eb.c
@@ -853,6 +853,7 @@ int do_commandeb(struct nft_handle *h, int argc, char *argv[], char **table,
                                else if (strchr(argv[optind], ' ') != NULL)
                                        xtables_error(PARAMETER_PROBLEM, "Use of ' ' not allowed in chain names");
 
+                               errno = 0;
                                ret = nft_cmd_chain_user_rename(h, chain, *table,
                                                            argv[optind]);
                                if (ret != 0 && errno == ENOENT)
Mirror of git://git.netfilter.org/iptables