[netfilter-cvslog] r3985 - trunk/iptables/extensions

laforge at netfilter.org laforge at netfilter.org
Wed Jun 22 14:22:46 CEST 2005


Author: laforge at netfilter.org
Date: 2005-06-22 14:22:44 +0200 (Wed, 22 Jun 2005)
New Revision: 3985

Modified:
   trunk/iptables/extensions/libipt_DNAT.c
   trunk/iptables/extensions/libipt_SNAT.c
Log:
This patch prevents the user from setting a negative port value for SNAT/DNAT.
(Yasuyuki Kozakai)


Modified: trunk/iptables/extensions/libipt_DNAT.c
===================================================================
--- trunk/iptables/extensions/libipt_DNAT.c	2005-06-19 12:30:28 UTC (rev 3984)
+++ trunk/iptables/extensions/libipt_DNAT.c	2005-06-22 12:22:44 UTC (rev 3985)
@@ -73,7 +73,7 @@
 		range.flags |= IP_NAT_RANGE_PROTO_SPECIFIED;
 
 		port = atoi(colon+1);
-		if (port == 0 || port > 65535)
+		if (port <= 0 || port > 65535)
 			exit_error(PARAMETER_PROBLEM,
 				   "Port `%s' not valid\n", colon+1);
 
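Review bot: The tightened range check after `atoi(colon+1)` still accepts malformed port strings, because atoi() stops at the first non-digit and reports no error: `80x` parses as 80, and a value too large for int is undefined behaviour and may land back inside 1..65535. The same applies to `atoi(dash + 1)` in the second hunk and to both hunks in libipt_SNAT.c. For a tool that installs NAT rules, a mistyped port should be rejected rather than silently turned into a different one; strtol() with an end-pointer and errno check does that (it needs <errno.h>, and accepting `-` as a terminator assumes the port-range syntax that the second hunk parses). The enclosing function starts and ends outside the hunk.

```c
		char *end;
		long val;

		errno = 0;
		val = strtol(colon+1, &end, 10);
		/* the first port may be followed by "-maxport" */
		if (errno != 0 || end == colon+1
		    || (*end != '\0' && *end != '-')
		    || val <= 0 || val > 65535)
			exit_error(PARAMETER_PROBLEM,
				   "Port `%s' not valid\n", colon+1);
		port = val;
		/* … unchanged: range.min/max assignment and dash handling … */
```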
@@ -91,7 +91,7 @@
 			int maxport;
 
 			maxport = atoi(dash + 1);
-			if (maxport == 0 || maxport > 65535)
+			if (maxport <= 0 || maxport > 65535)
 				exit_error(PARAMETER_PROBLEM,
 					   "Port `%s' not valid\n", dash+1);
 			if (maxport < port)

Modified: trunk/iptables/extensions/libipt_SNAT.c
===================================================================
--- trunk/iptables/extensions/libipt_SNAT.c	2005-06-19 12:30:28 UTC (rev 3984)
+++ trunk/iptables/extensions/libipt_SNAT.c	2005-06-22 12:22:44 UTC (rev 3985)
@@ -73,7 +73,7 @@
 		range.flags |= IP_NAT_RANGE_PROTO_SPECIFIED;
 
 		port = atoi(colon+1);
-		if (port == 0 || port > 65535)
+		if (port <= 0 || port > 65535)
 			exit_error(PARAMETER_PROBLEM,
 				   "Port `%s' not valid\n", colon+1);
 
@@ -91,7 +91,7 @@
 			int maxport;
 
 			maxport = atoi(dash + 1);
-			if (maxport == 0 || maxport > 65535)
+			if (maxport <= 0 || maxport > 65535)
 				exit_error(PARAMETER_PROBLEM,
 					   "Port `%s' not valid\n", dash+1);
 			if (maxport < port)
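Review bot: The `maxport` check here is a line-for-line copy of the one in libipt_DNAT.c and of the `port` check a few lines above it, so this commit had to make the same one-token edit four times. Moving the parse-and-range-check into one helper used for both bounds in both extensions, for example `static int parse_port(const char *s);` (name is only a suggestion), would keep SNAT and DNAT validation from drifting apart the next time it is tightened. The enclosing block continues past the end of the hunk, so the handling of `maxport < port` is not visible here.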



