ip(6)tables-restore: make sure argv is NULL terminated

Else, argv[argc] may point to free'd memory.

Some extensions, e.g. rateest, may fail to parse valid input
because argv[optind] (with optind == argc) is not NULL.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/iptables/ip6tables-restore.c b/iptables/ip6tables-restore.c
index 92bdc302a3c843b9e64054be4803d7dcea0830cd..3894d68d91b178e125315c14eeb177f3b9a4545d 100644 (file)
--- a/iptables/ip6tables-restore.c
+++ b/iptables/ip6tables-restore.c
@@ -98,7 +98,7 @@ static int add_argv(char *what) {
        DEBUGP("add_argv: %s\n", what);
        if (what && newargc + 1 < ARRAY_SIZE(newargv)) {
                newargv[newargc] = strdup(what);
-               newargc++;
+               newargv[++newargc] = NULL;
                return 1;
        } else {
                xtables_error(PARAMETER_PROBLEM,

diff --git a/iptables/iptables-restore.c b/iptables/iptables-restore.c
index 6b1c7929dc7484bccb5fd8ff9d341be73b74ec79..034f9606a6b2605a021c66f8430fdc05ff0cbe69 100644 (file)
--- a/iptables/iptables-restore.c
+++ b/iptables/iptables-restore.c
@@ -97,7 +97,7 @@ static int add_argv(char *what) {
        DEBUGP("add_argv: %s\n", what);
        if (what && newargc + 1 < ARRAY_SIZE(newargv)) {
                newargv[newargc] = strdup(what);
-               newargc++;
+               newargv[++newargc] = NULL;
                return 1;
        } else {
                xtables_error(PARAMETER_PROBLEM,