From: Phil Oester Date: Fri, 24 Jan 2014 06:06:58 +0000 (-0800) Subject: iptables-xml: fix segfault if missing space after -A X-Git-Tag: v1.6.0~114 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f53b78e423d82b0c71c076480f52edeb5eaec5f8;p=thirdparty%2Fiptables.git iptables-xml: fix segfault if missing space after -A As pointed out by Bernhard Reutner-Fischer, a malformed line fed to iptables-xml such as the below with a missing space after the -A: -APOSTROUTING -d 1.1.1.1/32 -p tcp -j MASQUERADE causes a segfault. Patch attached. This closes netfilter bugzilla #886. Signed-off-by: Phil Oester Signed-off-by: Pablo Neira Ayuso --- diff --git a/iptables/iptables-xml.c b/iptables/iptables-xml.c index 96284476..c7615abb 100644 --- a/iptables/iptables-xml.c +++ b/iptables/iptables-xml.c @@ -845,6 +845,11 @@ iptables_xml_main(int argc, char *argv[]) for (a = 0; a < newargc; a++) DEBUGP("argv[%u]: %s\n", a, newargv[a]); + if (!chain) { + fprintf(stderr, "%s: line %u failed - no chain found\n", + prog_name, line); + exit(1); + } needChain(chain);// Should we explicitly look for -A do_rule(pcnt, bcnt, newargc, newargv, newargvattr);
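Review bot: The new `if (!chain)` guard ahead of `needChain(chain)` only catches the malformed input if `chain` is reset to NULL at the start of every parsed line, and the place where `chain` is assigned is outside this hunk. Please confirm that a pointer left over from an earlier, well-formed rule cannot let a later `-APOSTROUTING`-style line pass the check and be emitted under the previous chain. Since the existing comment on `needChain(chain)` already asks whether `-A` should be looked for explicitly, it may be cleaner to reject the line where the argument is parsed and keep this NULL check as a backstop. The message "line %u failed - no chain found" gives the line number but not the cause; mentioning the missing chain argument after `-A` would make the failure easier to act on. A regression test that feeds the line from the commit message and expects exit status 1 with no crash would pin the behaviour.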