iptables: fix segfault target option parsing

With v1.4.10-58-g94e247b, target option parsing started to happen in the
wrong case.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

diff --git a/ip6tables.c b/ip6tables.c
index 5561a7d5140d5be7a0b01769ba5ce9fd3fe4ad64..9f0b892680d39c918246adbbd947738ffd6e4af0 100644 (file)
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -1245,9 +1245,9 @@ static void command_default(struct iptables_command_state *cs)
        struct xtables_rule_match *matchp;
        struct xtables_match *m;
 
-       if (cs->target == NULL || cs->target->parse == NULL ||
-           cs->c < cs->target->option_offset ||
-           cs->c >= cs->target->option_offset + XT_OPTION_OFFSET_SCALE) {
+       if (cs->target != NULL && cs->target->parse != NULL &&
+           cs->c >= cs->target->option_offset &&
+           cs->c < cs->target->option_offset + XT_OPTION_OFFSET_SCALE) {
                cs->target->parse(cs->c - cs->target->option_offset, cs->argv,
                                  cs->invert, &cs->target->tflags, &cs->fw6,
                                  &cs->target->t);

diff --git a/iptables.c b/iptables.c
index 33fd88226aa8b91bd2919a48a74b8438febd0f81..a73df3ea93c91cbac3124c3da0365c1ebd0cef62 100644 (file)
--- a/iptables.c
+++ b/iptables.c
@@ -1269,9 +1269,9 @@ static void command_default(struct iptables_command_state *cs)
        struct xtables_rule_match *matchp;
        struct xtables_match *m;
 
-       if (cs->target == NULL || cs->target->parse == NULL ||
-           cs->c < cs->target->option_offset ||
-           cs->c >= cs->target->option_offset + XT_OPTION_OFFSET_SCALE) {
+       if (cs->target != NULL && cs->target->parse != NULL &&
+           cs->c >= cs->target->option_offset &&
+           cs->c < cs->target->option_offset + XT_OPTION_OFFSET_SCALE) {
                cs->target->parse(cs->c - cs->target->option_offset, cs->argv,
                                  cs->invert, &cs->target->tflags, &cs->fw,
                                  &cs->target->t);