From: Florian Westphal <fw@strlen.de>
Date: Thu, 10 May 2012 05:42:47 +0000 (+0000)
Subject: ip(6)tables-restore: make sure argv is NULL terminated
X-Git-Tag: v1.4.14~3
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=cb999dfdaf25d5a774d2ee84cb99355438d57c93;p=thirdparty%2Fiptables.git

ip(6)tables-restore: make sure argv is NULL terminated

Else, argv[argc] may point to free'd memory.

Some extensions, e.g. rateest, may fail to parse valid input
because argv[optind] (with optind == argc) is not NULL.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/iptables/ip6tables-restore.c b/iptables/ip6tables-restore.c
index 92bdc302..3894d68d 100644
--- a/iptables/ip6tables-restore.c
+++ b/iptables/ip6tables-restore.c
@@ -98,7 +98,7 @@ static int add_argv(char *what) {
 	DEBUGP("add_argv: %s\n", what);
 	if (what && newargc + 1 < ARRAY_SIZE(newargv)) {
 		newargv[newargc] = strdup(what);
-		newargc++;
+		newargv[++newargc] = NULL;
 		return 1;
 	} else {
 		xtables_error(PARAMETER_PROBLEM,
diff --git a/iptables/iptables-restore.c b/iptables/iptables-restore.c
index 6b1c7929..034f9606 100644
--- a/iptables/iptables-restore.c
+++ b/iptables/iptables-restore.c
@@ -97,7 +97,7 @@ static int add_argv(char *what) {
 	DEBUGP("add_argv: %s\n", what);
 	if (what && newargc + 1 < ARRAY_SIZE(newargv)) {
 		newargv[newargc] = strdup(what);
-		newargc++;
+		newargv[++newargc] = NULL;
 		return 1;
 	} else {
 		xtables_error(PARAMETER_PROBLEM,