[netfilter-cvslog] r6802 - trunk/iptables

pablo at netfilter.org pablo at netfilter.org
Wed Apr 18 12:27:02 CEST 2007 

Author: pablo at netfilter.org
Date: 2007-04-18 12:27:02 +0200 (Wed, 18 Apr 2007)
New Revision: 6802

Modified:
   trunk/iptables/iptables-restore.c
Log:
fix problem with iptables-restore and quotes (close bugzilla id 505)


Modified: trunk/iptables/iptables-restore.c
===================================================================
--- trunk/iptables/iptables-restore.c	2007-04-18 07:00:36 UTC (rev 6801)
+++ trunk/iptables/iptables-restore.c	2007-04-18 10:27:02 UTC (rev 6802)
@@ -301,8 +301,9 @@
 			char *parsestart;
 
 			/* the parser */
-			char *param_start, *curchar;
+			char *curchar;
 			int quote_open;
+			int param_len;
 
 			/* reset the newargv */
 			newargc = 0;
@@ -349,9 +350,11 @@
 			 * longer a real hacker, but I can live with that */
 
 			quote_open = 0;
-			param_start = parsestart;
+			param_len = 0;
 			
 			for (curchar = parsestart; *curchar; curchar++) {
+				char param_buffer[1024];
+
 				if (*curchar == '"') {
 					/* quote_open cannot be true if there
 					 * was no previous character.  Thus, 
@@ -360,31 +363,28 @@
 					    *(curchar-1) != '\\') {
 						quote_open = 0;
 						*curchar = ' ';
-					} else {
+					} else if (!quote_open) {
 						quote_open = 1;
-						param_start++;
+						continue;
 					}
 				} 
 				if (*curchar == ' '
 				    || *curchar == '\t'
 				    || * curchar == '\n') {
-					char param_buffer[1024];
-					int param_len = curchar-param_start;
 
-					if (quote_open)
+					if (quote_open) {
+						param_buffer[param_len++] = 
+								*curchar;
 						continue;
+					}
 
 					if (!param_len) {
 						/* two spaces? */
-						param_start++;
 						continue;
 					}
-					
-					/* end of one parameter */
-					strncpy(param_buffer, param_start,
-						param_len);
-					*(param_buffer+param_len) = '\0';
 
+					param_buffer[param_len] = '\0';
+
 					/* check if table name specified */
 					if (!strncmp(param_buffer, "-t", 3)
                                             || !strncmp(param_buffer, "--table", 8)) {
@@ -395,9 +395,26 @@
 					}
 
 					add_argv(param_buffer);
-					param_start += param_len + 1;
+					param_len = 0;
 				} else {
-					/* regular character, skip */
+					/* Skip backslash that escapes quote: 
+					 * the standard input does not require
+					 * escaping. However, the output
+					 * generated by iptables-save
+					 * introduces bashlash to keep
+					 * consistent with iptables
+					 */
+					if (quote_open &&
+					    *curchar == '\\' &&
+					    *(curchar+1) == '"')
+						continue;
+
+					/* regular character, copy to buffer */
+					param_buffer[param_len++] = *curchar;
+
+					if (param_len >= sizeof(param_buffer))
+						exit_error(PARAMETER_PROBLEM, 
+						   "Parameter too long!");
 				}
 			}

More information about the netfilter-cvslog mailing list