From: Jan Engelhardt <jengelh@medozas.de>
Date: Sat, 8 Jan 2011 01:47:02 +0000 (+0100)
Subject: ip[6]tables: only call target's parse function when option char is in range
X-Git-Tag: v1.4.11~104
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fa503ad59f73d20d85f4cdf53324a01d2ad8591e;p=thirdparty%2Fiptables.git

ip[6]tables: only call target's parse function when option char is in range

Same as previous commit. Doing this actually allows to remove code
that is no longer needed.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---

diff --git a/ip6tables.c b/ip6tables.c
index 4ca4bfec..d4c2339b 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -1706,6 +1706,8 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
 
 		default:
 			if (target == NULL || target->parse == NULL ||
+			    c < target->option_offset ||
+			    c >= target->option_offset + XT_OPTION_OFFSET_SCALE ||
 			    !target->parse(c - target->option_offset,
 					       argv, invert,
 					       &target->tflags,
diff --git a/iptables.c b/iptables.c
index bcacd49f..b45211a9 100644
--- a/iptables.c
+++ b/iptables.c
@@ -1738,6 +1738,8 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
 
 		default:
 			if (target == NULL || target->parse == NULL ||
+			    c < target->option_offset ||
+			    c >= target->option_offset + XT_OPTION_OFFSET_SCALE ||
 			    !target->parse(c - target->option_offset,
 					       argv, invert,
 					       &target->tflags,