libxtables: do some option structure checking

libxt_recent's use of numeric values >200 always looked worrisome. Now
here is a validation routine for such.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

diff --git a/xtables.c b/xtables.c
index 5b7526c83b2e1f0a91972e0c1a36f6e66fcb3fec..f8014a6551842b2d122b9eddea95821510d378fa 100644 (file)
--- a/xtables.c
+++ b/xtables.c
@@ -730,6 +730,17 @@ static int compatible_target_revision(const char *name, uint8_t revision)
        return compatible_revision(name, revision, afinfo->so_rev_target);
 }
 
+static void xtables_check_options(const char *name, const struct option *opt)
+{
+       for (; opt->name != NULL; ++opt)
+               if (opt->val < 0 || opt->val >= XT_OPTION_OFFSET_SCALE) {
+                       fprintf(stderr, "%s: Extension %s uses invalid "
+                               "option value %d\n",xt_params->program_name,
+                               name, opt->val);
+                       exit(1);
+               }
+}
+
 void xtables_register_match(struct xtables_match *me)
 {
        struct xtables_match **i, *old;
@@ -760,6 +771,9 @@ void xtables_register_match(struct xtables_match *me)
                exit(1);
        }
 
+       if (me->extra_opts != NULL)
+               xtables_check_options(me->name, me->extra_opts);
+
        /* ignore not interested match */
        if (me->family != afinfo->family && me->family != AF_UNSPEC)
                return;
@@ -845,6 +859,9 @@ void xtables_register_target(struct xtables_target *me)
                exit(1);
        }
 
+       if (me->extra_opts != NULL)
+               xtables_check_options(me->name, me->extra_opts);
+
        /* ignore not interested target */
        if (me->family != afinfo->family && me->family != AF_UNSPEC)
                return;