fix problem with iptables-restore and quotes (close bugzilla id 505)
authorPablo Neira Ayuso <pablo@netfilter.org>
Wed, 18 Apr 2007 10:27:02 +0000 (10:27 +0000)
committerPablo Neira Ayuso <pablo@netfilter.org>
Wed, 18 Apr 2007 10:27:02 +0000 (10:27 +0000)
iptables-restore.c

index 89acd73d87e1ff4cb464d3f77ff223f620992b16..9b8563ad4b8d8425bb535665dfb214c067d8df31 100644 (file)
@@ -301,8 +301,9 @@ main(int argc, char *argv[])
                        char *parsestart;
 
                        /* the parser */
-                       char *param_start, *curchar;
+                       char *curchar;
                        int quote_open;
+                       int param_len;
 
                        /* reset the newargv */
                        newargc = 0;
@@ -349,9 +350,11 @@ main(int argc, char *argv[])
                         * longer a real hacker, but I can live with that */
 
                        quote_open = 0;
-                       param_start = parsestart;
+                       param_len = 0;
                        
                        for (curchar = parsestart; *curchar; curchar++) {
+                               char param_buffer[1024];
+
                                if (*curchar == '"') {
                                        /* quote_open cannot be true if there
                                         * was no previous character.  Thus, 
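Review bot: `char param_buffer[1024];` is declared inside the body of the `for` loop, yet the new code relies on it to accumulate one parameter across many iterations. An object declared in a loop body has a lifetime that ends with each iteration, so its contents are formally indeterminate on the next pass. It works only because compilers typically reuse the same stack slot. Declaring it next to `int param_len;` at the top of the enclosing block would make the accumulation well defined. The loop body continues outside this hunk.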
@@ -360,30 +363,27 @@ main(int argc, char *argv[])
                                            *(curchar-1) != '\\') {
                                                quote_open = 0;
                                                *curchar = ' ';
-                                       } else {
+                                       } else if (!quote_open) {
                                                quote_open = 1;
-                                               param_start++;
+                                               continue;
                                        }
                                } 
                                if (*curchar == ' '
                                    || *curchar == '\t'
                                    || * curchar == '\n') {
-                                       char param_buffer[1024];
-                                       int param_len = curchar-param_start;
 
-                                       if (quote_open)
+                                       if (quote_open) {
+                                               param_buffer[param_len++] = 
+                                                               *curchar;
                                                continue;
+                                       }
 
                                        if (!param_len) {
                                                /* two spaces? */
-                                               param_start++;
                                                continue;
                                        }
-                                       
-                                       /* end of one parameter */
-                                       strncpy(param_buffer, param_start,
-                                               param_len);
-                                       *(param_buffer+param_len) = '\0';
+
+                                       param_buffer[param_len] = '\0';
 
                                        /* check if table name specified */
                                        if (!strncmp(param_buffer, "-t", 3)
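Review bot: The quoted-whitespace branch stores `param_buffer[param_len++] = *curchar;` with no bounds check. The only length check visible on the page sits in the regular-character branch of the later hunk and runs only after a non-whitespace byte is copied. A long run of spaces or tabs inside an open quote can therefore advance `param_len` past the end of the 1024-byte stack array before any check fires, and the input is whatever file or stream is fed to iptables-restore. I would guard every store, for example `if (param_len >= (int)sizeof(param_buffer) - 1) exit_error(PARAMETER_PROBLEM, "Parameter too long!");` placed before the write in both branches. That also keeps room for the terminator written at `param_buffer[param_len] = '\0';` and avoids comparing the signed `param_len` with a `size_t`.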
@@ -395,9 +395,26 @@ main(int argc, char *argv[])
                                        }
 
                                        add_argv(param_buffer);
-                                       param_start += param_len + 1;
+                                       param_len = 0;
                                } else {
-                                       /* regular character, skip */
+                                       /* Skip backslash that escapes quote: 
+                                        * the standard input does not require
+                                        * escaping. However, the output
+                                        * generated by iptables-save
+                                        * introduces bashlash to keep
+                                        * consistent with iptables
+                                        */
+                                       if (quote_open &&
+                                           *curchar == '\\' &&
+                                           *(curchar+1) == '"')
+                                               continue;
+
+                                       /* regular character, copy to buffer */
+                                       param_buffer[param_len++] = *curchar;
+
+                                       if (param_len >= sizeof(param_buffer))
+                                               exit_error(PARAMETER_PROBLEM, 
+                                                  "Parameter too long!");
                                }
                        }