git.ipfire.org Git - thirdparty/iptables.git/commit

author	Phil Sutter <phil@nwl.cc>
	Tue, 9 Apr 2024 11:18:12 +0000 (13:18 +0200)
committer	Phil Sutter <phil@nwl.cc>
	Tue, 9 Apr 2024 23:08:45 +0000 (01:08 +0200)
commit	a2911408959d7e86bc4bad4f1be2551a19ad125c
tree	27c680e0a60c55923e49df5eaa7214bce0dc304e	tree
parent	400fb98dde882da4c1d2c763de3f16a8ba1484b4	commit \| diff

xshared: Fix parsing of empty string arg in '-c' option

Calling iptables with '-c ""' resulted in a call to strchr() with an
invalid pointer as 'optarg + 1' points to past the buffer. The most
simple fix is to drop the offset: The global optstring part specifies a
single colon after 'c', so getopt() enforces a valid pointer in optarg.
If it contains a comma at first position, packet counter value parsing
will fail so all cases are covered.

Reported-by: gorbanev.es@gmail.com
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1741
Fixes: 60a6073690a45 ("Make --set-counters (-c) accept comma separated counters")
Signed-off-by: Phil Sutter <phil@nwl.cc>

extensions/iptables.t		diff \| blob \| blame \| history
iptables/xshared.c		diff \| blob \| blame \| history