libxt_policy: cannot set spi/reqid numbers higher than 0x7fffffff

http://bugzilla.netfilter.org/show_bug.cgi?id=577

When using the -m policy match, the option argument for --spi is converted
using strtol(), which returns a signed 32 bit value, so the highest
positive value is 0x7fffffff. Instead strtoul() should be used.
The same applies for the --reqid option argument.

Signed-off-by: Patrick McHardy <kaber@trash.net>

diff --git a/extensions/libip6t_policy.c b/extensions/libip6t_policy.c
index 7c1a1e71022170c54d9548d3231c287c0a0f6f3a..7ea72cd9ed9e31b3d72ac1ede8736748e114c1e5 100644 (file)
--- a/extensions/libip6t_policy.c
+++ b/extensions/libip6t_policy.c
@@ -198,7 +198,7 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags,
 
                e->match.reqid = 1;
                e->invert.reqid = invert;
-               e->reqid = strtol(argv[optind-1], NULL, 10);
+               e->reqid = strtoul(argv[optind-1], NULL, 10);
                break;
        case '5':
                if (e->match.spi)
@@ -207,7 +207,7 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags,
 
                e->match.spi = 1;
                e->invert.spi = invert;
-               e->spi = strtol(argv[optind-1], NULL, 0x10);
+               e->spi = strtoul(argv[optind-1], NULL, 0x10);
                break;
        case '6':
                if (e->match.saddr)

diff --git a/extensions/libipt_policy.c b/extensions/libipt_policy.c
index 6ae51e7c5e92e75db414ed5436115851ebc05612..a538927f99707046bde4975965288f60a9ffeeb2 100644 (file)
--- a/extensions/libipt_policy.c
+++ b/extensions/libipt_policy.c
@@ -166,7 +166,7 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags,
 
                e->match.reqid = 1;
                e->invert.reqid = invert;
-               e->reqid = strtol(argv[optind-1], NULL, 10);
+               e->reqid = strtoul(argv[optind-1], NULL, 10);
                break;
        case '5':
                if (e->match.spi)
@@ -175,7 +175,7 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags,
 
                e->match.spi = 1;
                e->invert.spi = invert;
-               e->spi = strtol(argv[optind-1], NULL, 0x10);
+               e->spi = strtoul(argv[optind-1], NULL, 0x10);
                break;
        case '6':
                if (e->match.saddr)