From: Jan Engelhardt
Date: Tue, 6 Oct 2009 22:40:19 +0000 (+0200)
Subject: pknock: add_rule must happen after info struct checks
X-Git-Tag: v1.19~2^2~23
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=204b612e230bc8afdceed5d0443da27d4f4b83c8;p=thirdparty%2Fxtables-addons.git
pknock: add_rule must happen after info struct checks
This avoids unnecessarily creating pknock rules if there is an error with any of the match parameters.
---
diff --git a/extensions/xt_pknock.c b/extensions/xt_pknock.c
index 97ccec3..bb65312 100644
--- a/extensions/xt_pknock.c
+++ b/extensions/xt_pknock.c
@@ -1034,9 +1034,6 @@ static bool pknock_mt_check(const struct xt_mtchk_param *par)
 get_random_bytes(&ipt_pknock_hash_rnd, sizeof (ipt_pknock_hash_rnd));
 }
- if (!add_rule(info))
- RETURN_ERR("add_rule() error in checkentry() function.\n");
-
 if (!(info->option & XT_PKNOCK_NAME))
 RETURN_ERR("You must specify --name option.\n");
@@ -1081,6 +1078,9 @@ static bool pknock_mt_check(const struct xt_mtchk_param *par)
 }
 #endif
+ if (!add_rule(info))
+ RETURN_ERR("add_rule() error in checkentry() function.\n");
+
 return true;
 }
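Review bot: Nothing at the relocated `add_rule(info)` call in the second hunk records that it has to stay the last step that can fail, so a validation added below it later would reintroduce the stale-rule problem this commit removes. I would put a comment directly above the call, `/* Must stay the last step that can fail: nothing below may return an error once the rule is registered. */`. This matters because a rejected check presumably gets no later cleanup call for this match, which would leave a registered knock rule behind for a rule set that was never installed. Separately, the message `"add_rule() error in checkentry() function.\n"` names neither the failing cause nor the current function (`pknock_mt_check`), so an administrator cannot tell an allocation failure from a bad parameter. pknock_mt_check starts outside the hunk, so whether anything set up earlier (for example inside the `#endif`-terminated block) needs undoing when add_rule() fails cannot be judged from here.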