[netfilter-cvslog] r6899 - trunk/iptables/extensions
kaber at trash.net
kaber at trash.net
Tue Jul 3 14:52:55 CEST 2007
Author: kaber at trash.net
Date: 2007-07-03 14:52:55 +0200 (Tue, 03 Jul 2007)
New Revision: 6899
Modified:
trunk/iptables/extensions/libipt_statistic.c
Log:
[PATCH]: libipt_statistic: add a few missing validity checks
Signed-off-by: Nicolas Bouliane
Modified: trunk/iptables/extensions/libipt_statistic.c
===================================================================
--- trunk/iptables/extensions/libipt_statistic.c 2007-07-02 14:15:46 UTC (rev 6898)
+++ trunk/iptables/extensions/libipt_statistic.c 2007-07-03 12:52:55 UTC (rev 6899)
@@ -113,6 +113,15 @@
if (flags & 0x8 && info->mode != XT_STATISTIC_MODE_NTH)
exit_error(PARAMETER_PROBLEM,
"--packet can only be used in nth mode");
+ if ((flags & 0x8) && !(flags & 0x4))
+ exit_error(PARAMETER_PROBLEM,
+ "--packet can only be used with --every");
+ /* at this point, info->u.nth.every have been decreased. */
+ if (!(info->u.nth.packet >= 0 && info->u.nth.packet <= info->u.nth.every))
+ exit_error(PARAMETER_PROBLEM,
+ "the --packet p must be 0 <= p <= n-1");
+
+
info->u.nth.count = info->u.nth.every - info->u.nth.packet;
}
More information about the netfilter-cvslog
mailing list