iptables-xml: fix segfault if missing space after -A
authorPhil Oester <kernel@linuxace.com>
Fri, 24 Jan 2014 06:06:58 +0000 (22:06 -0800)
committerPablo Neira Ayuso <pablo@netfilter.org>
Wed, 29 Jan 2014 19:16:08 +0000 (20:16 +0100)
As pointed out by Bernhard Reutner-Fischer, a malformed line fed to
iptables-xml such as the below with a missing space after the -A:

-APOSTROUTING -d 1.1.1.1/32 -p tcp -j MASQUERADE

causes a segfault.  Patch attached.

This closes netfilter bugzilla #886.

Signed-off-by: Phil Oester <kernel@linuxace.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
iptables/iptables-xml.c

index 962844762fc4e9ea0421f5d1fbdf802169f0df20..c7615abbcff220c379810930e78ab916d4c57745 100644 (file)
@@ -845,6 +845,11 @@ iptables_xml_main(int argc, char *argv[])
                        for (a = 0; a < newargc; a++)
                                DEBUGP("argv[%u]: %s\n", a, newargv[a]);
 
+                       if (!chain) {
+                               fprintf(stderr, "%s: line %u failed - no chain found\n",
+                                       prog_name, line);
+                               exit(1);
+                       }
                        needChain(chain);// Should we explicitly look for -A
                        do_rule(pcnt, bcnt, newargc, newargv, newargvattr);
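Review bot: The new `if (!chain)` guard carries no comment saying when `chain` can still be NULL here, and the parsing that sets it is outside the hunk, so a reader cannot tell which malformed inputs it covers. I would add above it `/* chain is unset when no "-A <chain>" pair was parsed, e.g. "-APOSTROUTING" with the space missing */`. Because the guard calls `exit(1)` partway through processing the input, any XML already written is presumably left unterminated, so callers that consume the output should check the exit status rather than parse a partial document. The existing `// Should we explicitly look for -A` remark on the `needChain(chain)` line is now partly answered by this check and could be reworded to say so. iptables_xml_main begins and ends outside the hunk.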