From: Phil Sutter <phil@nwl.cc>
Date: Wed, 23 Apr 2025 10:36:13 +0000 (+0200)
Subject: xshared: Accept an option if any given command allows it
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;p=thirdparty%2Fiptables.git

xshared: Accept an option if any given command allows it

Fixed commit made option checking overly strict: Some commands may be
commbined (foremost --list and --zero), reject a given option only if it
is not allowed by any of the given commands.

Reported-by: Adam Nielsen <a.nielsen@shikadi.net>
Fixes: 9c09d28102bb4 ("xshared: Simplify generic_opt_check()")
Signed-off-by: Phil Sutter <phil@nwl.cc>
---

diff --git a/iptables/xshared.c b/iptables/xshared.c
index cdfd11ab..fc61e0fd 100644
--- a/iptables/xshared.c
+++ b/iptables/xshared.c
@@ -980,7 +980,7 @@ static void generic_opt_check(struct xt_cmd_parse_ops *ops,
 	 */
 	for (i = 0, optval = 1; i < NUMBER_OF_OPT; optval = (1 << ++i)) {
 		if ((options & optval) &&
-		    (options_v_commands[i] & command) != command)
+		    !(options_v_commands[i] & command))
 			xtables_error(PARAMETER_PROBLEM,
 				      "Illegal option `%s' with this command",
 				      ops->option_name(optval));