xtables: fix segfault if incorrect protocol name is used
authorPablo Neira Ayuso <pablo@netfilter.org>
Tue, 12 May 2009 07:51:26 +0000 (09:51 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Tue, 12 May 2009 07:51:26 +0000 (09:51 +0200)
This patch fixes a segfault that can be triggered if you use an
incorrect protocol, e.g.

# iptables -I PREROUTING -t nat -p lalala --dport 21 -j DNAT --to 192.168.1.2:21
Segmentation fault

With this patch:

# iptables -I PREROUTING -t nat -p lalala --dport 21 -j DNAT --to 192.168.1.2:21
iptables v1.4.3.2: unknown protocol `lala' specified
Try `iptables -h' or 'iptables --help' for more information

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
xtables.c

index a01d4ea0106fb5d9d929dba64c04f14728950c92..e0183310b2ea5ce1bbb77a38c1d3f43c898df682 100644 (file)
--- a/xtables.c
+++ b/xtables.c
@@ -1502,6 +1502,9 @@ xtables_parse_protocol(const char *s)
                else {
                        unsigned int i;
                        for (i = 0; i < ARRAY_SIZE(xtables_chain_protos); ++i) {
+                               if (xtables_chain_protos[i].name == NULL)
+                                       continue;
+
                                if (strcmp(s, xtables_chain_protos[i].name) == 0) {
                                        proto = xtables_chain_protos[i].num;
                                        break;
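Review bot: The added NULL check at the top of the loop body carries no comment explaining why an entry of xtables_chain_protos can have a NULL name, so a reader cannot tell whether it is a terminator or a hole in the table. If the NULL entry is a trailing sentinel (the table definition is outside this hunk, so this is an assumption), `break;` would state the intent more clearly than `continue;`. I would add a comment above the check such as `/* table may hold a NULL-named entry; strcmp() on it would dereference NULL */`. The body of xtables_parse_protocol starts and ends outside the hunk, and any other loop that walks this table up to ARRAY_SIZE is worth checking for the same unguarded strcmp().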