Don't allow using --next option without specifying a policy element
authorPatrick McHardy <kaber@trash.net>
Thu, 12 Jan 2006 09:12:47 +0000 (09:12 +0000)
committerPatrick McHardy <kaber@trash.net>
Thu, 12 Jan 2006 09:12:47 +0000 (09:12 +0000)
extensions/libip6t_policy.c
extensions/libipt_policy.c

index c3f7702036bfd909ff44194901c53a37efd5fdd2..189ca6e1d62a2df93504b0ae7918c519abb0cf59 100644 (file)
@@ -220,7 +220,7 @@ static int parse(int c, char **argv, int invert, unsigned int *flags,
                if (e->match.spi)
                        exit_error(PARAMETER_PROBLEM,
                                   "policy match: double --spi option");
-               
+
                e->match.spi = 1;
                e->invert.spi = invert;
                e->spi = strtol(argv[optind-1], NULL, 0x10);
@@ -272,7 +272,7 @@ static int parse(int c, char **argv, int invert, unsigned int *flags,
                if (e->match.mode)
                        exit_error(PARAMETER_PROBLEM,
                                   "policy match: double --mode option");
-               
+
                mode = parse_mode(argv[optind-1]);
                e->match.mode = 1;
                e->invert.mode = invert;
@@ -283,6 +283,11 @@ static int parse(int c, char **argv, int invert, unsigned int *flags,
                        exit_error(PARAMETER_PROBLEM,
                                   "policy match: can't invert --next option");
 
+                if (!(e->match.reqid || e->match.spi || e->match.saddr ||
+                      e->match.daddr || e->match.proto || e->match.mode))
+                        exit_error(PARAMETER_PROBLEM,
+                                   "policy match: --next without policy element specification");
+
                if (++info->len == IP6T_POLICY_MAX_ELEM)
                        exit_error(PARAMETER_PROBLEM,
                                   "policy match: maximum policy depth reached");
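Review bot: The new emptiness test runs only when `--next` is parsed, so it covers every element that is followed by `--next` but not the trailing one. Whether an empty last element is rejected depends on the final check, which is outside this hunk; it is worth confirming, because an element with no match flags set presumably constrains nothing and would make the rule broader than the operator intended. The same six-flag condition is repeated verbatim in the libipt_policy.c hunk at `@@ -243,6 +243,11 @@`, so a field added to `e->match` later could be missed in one copy; a small static helper taking `e` and returning whether any flag is set would keep the two call sites and any final check in agreement. I would also add a comment above the test, e.g. `/* an element with no match flags set specifies nothing; reject it before advancing to the next one */`. parse() starts and ends outside the hunk.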
index 403b1b730c36b3240a8f94a68a17a672945531e8..df4916d63fc7a373f203f13d5997a033f57e2edc 100644 (file)
@@ -180,7 +180,7 @@ static int parse(int c, char **argv, int invert, unsigned int *flags,
                if (e->match.spi)
                        exit_error(PARAMETER_PROBLEM,
                                   "policy match: double --spi option");
-               
+
                e->match.spi = 1;
                e->invert.spi = invert;
                e->spi = strtol(argv[optind-1], NULL, 0x10);
@@ -232,7 +232,7 @@ static int parse(int c, char **argv, int invert, unsigned int *flags,
                if (e->match.mode)
                        exit_error(PARAMETER_PROBLEM,
                                   "policy match: double --mode option");
-               
+
                mode = parse_mode(argv[optind-1]);
                e->match.mode = 1;
                e->invert.mode = invert;
@@ -243,6 +243,11 @@ static int parse(int c, char **argv, int invert, unsigned int *flags,
                        exit_error(PARAMETER_PROBLEM,
                                   "policy match: can't invert --next option");
 
+               if (!(e->match.reqid || e->match.spi || e->match.saddr ||
+                     e->match.daddr || e->match.proto || e->match.mode))
+                       exit_error(PARAMETER_PROBLEM,
+                                  "policy match: --next without policy element specification");
+
                if (++info->len == IPT_POLICY_MAX_ELEM)
                        exit_error(PARAMETER_PROBLEM,
                                   "policy match: maximum policy depth reached");