[netfilter-cvslog] r7304 - trunk/iptables

kaber at trash.net kaber at trash.net
Tue Jan 29 14:45:30 CET 2008


Author: kaber at trash.net
Date: 2008-01-29 14:45:29 +0100 (Tue, 29 Jan 2008)
New Revision: 7304

Modified:
   trunk/iptables/ip6tables-restore.c
   trunk/iptables/iptables-restore.c
Log:
[PATCH]: unescape parameters

Max Kellermann <max at duempel.org>


Modified: trunk/iptables/ip6tables-restore.c
===================================================================
--- trunk/iptables/ip6tables-restore.c	2008-01-29 13:44:34 UTC (rev 7303)
+++ trunk/iptables/ip6tables-restore.c	2008-01-29 13:45:29 UTC (rev 7304)
@@ -311,8 +311,9 @@
 			char *parsestart;
 
 			/* the parser */
-			char *param_start, *curchar;
-			int quote_open;
+			char *curchar;
+			int quote_open, escaped;
+			size_t param_len;
 
 			/* reset the newargv */
 			newargc = 0;
@@ -359,42 +360,46 @@
 			 * longer a real hacker, but I can live with that */
 
 			quote_open = 0;
-			param_start = parsestart;
+			escaped = 0;
+			param_len = 0;
 
 			for (curchar = parsestart; *curchar; curchar++) {
-				if (*curchar == '"') {
-					/* quote_open cannot be true if there
-					 * was no previous character.  Thus, 
-					 * curchar-1 has to be within bounds */
-					if (quote_open && 
-					    *(curchar-1) != '\\') {
+				char param_buffer[1024];
+
+				if (escaped) {
+					param_buffer[param_len++] = *curchar;
+					escaped = 0;
+					continue;
+				}
+
+				if (quote_open) {
+					if (*curchar == '\\') {
+						escaped = 1;
+						continue;
+					} else if (*curchar == '"') {
 						quote_open = 0;
 						*curchar = ' ';
 					} else {
+						param_buffer[param_len++] = *curchar;
+						continue;
+					}
+				} else {
+					if (*curchar == '"') {
 						quote_open = 1;
-						param_start++;
+						continue;
 					}
-				} 
+				}
+
 				if (*curchar == ' '
 				    || *curchar == '\t'
 				    || * curchar == '\n') {
-					char param_buffer[1024];
-					int param_len = curchar-param_start;
-
-					if (quote_open)
-						continue;
-
 					if (!param_len) {
 						/* two spaces? */
-						param_start++;
 						continue;
 					}
-					
-					/* end of one parameter */
-					strncpy(param_buffer, param_start,
-						param_len);
-					*(param_buffer+param_len) = '\0';
 
+					param_buffer[param_len] = '\0';
+
 					/* check if table name specified */
 					if (!strncmp(param_buffer, "-t", 3)
                                             || !strncmp(param_buffer, "--table", 8)) {
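Review bot: The stores `param_buffer[param_len++] = *curchar;` in the `escaped` branch and in the `quote_open` branch have no length check, so a quoted parameter longer than the 1024-byte `param_buffer` writes past the end of the stack array. The only check is the one added in the regular-character branch of the next hunk, which both of these paths skip via `continue`. Input lines come from outside the program, so guard before every store, e.g. `if (param_len >= sizeof(param_buffer) - 1) exit_error(PARAMETER_PROBLEM, "Parameter too long!");`, ideally through one small helper shared by all three copy sites. The same two unchecked stores appear in the matching hunk of iptables-restore.c. Separately, `param_buffer` is declared inside the loop body although its contents must survive across iterations; declaring it beside `param_len`, outside the `for`, would make that well-defined (the enclosing function starts and ends outside this hunk).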
@@ -405,9 +410,14 @@
 					}
 
 					add_argv(param_buffer);
-					param_start += param_len + 1;
+					param_len = 0;
 				} else {
-					/* regular character, skip */
+					/* regular character, copy to buffer */
+					param_buffer[param_len++] = *curchar;
+
+					if (param_len >= sizeof(param_buffer))
+						exit_error(PARAMETER_PROBLEM, 
+						   "Parameter too long!");
 				}
 			}
 

Modified: trunk/iptables/iptables-restore.c
===================================================================
--- trunk/iptables/iptables-restore.c	2008-01-29 13:44:34 UTC (rev 7303)
+++ trunk/iptables/iptables-restore.c	2008-01-29 13:45:29 UTC (rev 7304)
@@ -319,7 +319,7 @@
 
 			/* the parser */
 			char *curchar;
-			int quote_open;
+			int quote_open, escaped;
 			size_t param_len;
 
 			/* reset the newargv */
@@ -367,34 +367,39 @@
 			 * longer a real hacker, but I can live with that */
 
 			quote_open = 0;
+			escaped = 0;
 			param_len = 0;
 
 			for (curchar = parsestart; *curchar; curchar++) {
 				char param_buffer[1024];
 
-				if (*curchar == '"') {
-					/* quote_open cannot be true if there
-					 * was no previous character.  Thus, 
-					 * curchar-1 has to be within bounds */
-					if (quote_open && 
-					    *(curchar-1) != '\\') {
+				if (escaped) {
+					param_buffer[param_len++] = *curchar;
+					escaped = 0;
+					continue;
+				}
+
+				if (quote_open) {
+					if (*curchar == '\\') {
+						escaped = 1;
+						continue;
+					} else if (*curchar == '"') {
 						quote_open = 0;
 						*curchar = ' ';
-					} else if (!quote_open) {
+					} else {
+						param_buffer[param_len++] = *curchar;
+						continue;
+					}
+				} else {
+					if (*curchar == '"') {
 						quote_open = 1;
 						continue;
 					}
-				} 
+				}
+
 				if (*curchar == ' '
 				    || *curchar == '\t'
 				    || * curchar == '\n') {
-
-					if (quote_open) {
-						param_buffer[param_len++] = 
-								*curchar;
-						continue;
-					}
-
 					if (!param_len) {
 						/* two spaces? */
 						continue;
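Review bot: Nothing in the new state machine reports a line that ends while `quote_open` is still set. Whitespace and newlines inside quotes are copied into `param_buffer`, the loop stops at the terminating NUL, and the pending parameter never reaches `add_argv`, at least in the lines visible here. Unless code after the loop (outside this hunk) handles it, a rule with an unbalanced quote could be passed on with its last argument missing instead of being rejected. A check after the loop such as `if (quote_open) exit_error(PARAMETER_PROBLEM, "Quote not closed");` would make the failure explicit. The ip6tables-restore.c loop has the same shape.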
@@ -414,18 +419,6 @@
 					add_argv(param_buffer);
 					param_len = 0;
 				} else {
-					/* Skip backslash that escapes quote: 
-					 * the standard input does not require
-					 * escaping. However, the output
-					 * generated by iptables-save
-					 * introduces bashlash to keep
-					 * consistent with iptables
-					 */
-					if (quote_open &&
-					    *curchar == '\\' &&
-					    *(curchar+1) == '"')
-						continue;
-
 					/* regular character, copy to buffer */
 					param_buffer[param_len++] = *curchar;
 



