iptables-restore: fix segmentation fault with -tanything

Reference: Debian bug #458042

iptables-restore must not pass a table into do_command. It checks for
"-t arg" and "--table arg", but not "-targ". (On a related note,
using -targ does not work as expected).

This should fail gracefully, but crashes:

	iptables-restore <(echo -e '*filter\n-A INPUT -tx\nCOMMIT')

And this should use table "filter", or perhaps raise an error, but
instead sets the table to (literally) "-tfilter":

	iptables -tfilter -A INPUT

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>

diff --git a/ip6tables-restore.c b/ip6tables-restore.c
index cd6dd032fed82ea2b21cd26a2ce2699ddefff114..f51e38f1d89557da44bc6b1309a03b99e1e89382 100644 (file)
--- a/ip6tables-restore.c
+++ b/ip6tables-restore.c
@@ -406,7 +406,7 @@ int main(int argc, char *argv[])
                                        param_buffer[param_len] = '\0';
 
                                        /* check if table name specified */
-                                       if (!strncmp(param_buffer, "-t", 3)
+                                       if (!strncmp(param_buffer, "-t", 2)
                                             || !strncmp(param_buffer, "--table", 8)) {
                                                exit_error(PARAMETER_PROBLEM,
                                                   "Line %u seems to have a "

diff --git a/ip6tables.c b/ip6tables.c
index 2b0539247e7c160eb7e5779616e77e5fe6e2b446..283a1c2d5524d79954d8e397b070bf90697a7229 100644 (file)
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -1747,7 +1747,7 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle)
                        if (invert)
                                exit_error(PARAMETER_PROBLEM,
                                           "unexpected ! flag before --table");
-                       *table = argv[optind-1];
+                       *table = optarg;
                        break;
 
                case 'x':
@@ -1890,8 +1890,7 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle)
 
                                if (!m)
                                        exit_error(PARAMETER_PROBLEM,
-                                                  "Unknown arg `%s'",
-                                                  argv[optind-1]);
+                                                  "Unknown arg `%s'", optarg);
                        }
                }
                invert = FALSE;

diff --git a/iptables-restore.c b/iptables-restore.c
index 4b199d94c1c728677fc537f834b4224da3c223a0..dcbed1494bf3b1f7c4eee434942e0e2415f49bec 100644 (file)
--- a/iptables-restore.c
+++ b/iptables-restore.c
@@ -412,7 +412,7 @@ main(int argc, char *argv[])
                                        param_buffer[param_len] = '\0';
 
                                        /* check if table name specified */
-                                       if (!strncmp(param_buffer, "-t", 3)
+                                       if (!strncmp(param_buffer, "-t", 2)
                                            || !strncmp(param_buffer, "--table", 8)) {
                                                exit_error(PARAMETER_PROBLEM,
                                                   "Line %u seems to have a "

diff --git a/iptables.c b/iptables.c
index bf3cbca204b1082db453f0660f9788f45556f2cb..41e183611107b6e504bee09c98342ea80202e1b4 100644 (file)
--- a/iptables.c
+++ b/iptables.c
@@ -1764,7 +1764,7 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle)
                        if (invert)
                                exit_error(PARAMETER_PROBLEM,
                                           "unexpected ! flag before --table");
-                       *table = argv[optind-1];
+                       *table = optarg;
                        break;
 
                case 'x':
@@ -1911,8 +1911,7 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle)
                                }
                                if (!m)
                                        exit_error(PARAMETER_PROBLEM,
-                                                  "Unknown arg `%s'",
-                                                  argv[optind-1]);
+                                                  "Unknown arg `%s'", optarg);
                        }
                }
                invert = FALSE;