ip[6]tables: only call target's parse function when option char is in range

Same as previous commit. Doing this actually allows to remove code
that is no longer needed.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

diff --git a/ip6tables.c b/ip6tables.c
index 4ca4bfeca089de9c1497541e667bab468fd0f2cf..d4c2339b1d541315b0a21626d5ca8b3c81bb98fa 100644 (file)
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -1706,6 +1706,8 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
 
                default:
                        if (target == NULL || target->parse == NULL ||
+                           c < target->option_offset ||
+                           c >= target->option_offset + XT_OPTION_OFFSET_SCALE ||
                            !target->parse(c - target->option_offset,
                                               argv, invert,
                                               &target->tflags,

diff --git a/iptables.c b/iptables.c
index bcacd49f29137c32b21ea3bc2f6405bdbd34d160..b45211a982681321aa47c65e96fe1ed1c6d6b37d 100644 (file)
--- a/iptables.c
+++ b/iptables.c
@@ -1738,6 +1738,8 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
 
                default:
                        if (target == NULL || target->parse == NULL ||
+                           c < target->option_offset ||
+                           c >= target->option_offset + XT_OPTION_OFFSET_SCALE ||
                            !target->parse(c - target->option_offset,
                                               argv, invert,
                                               &target->tflags,