[iptables] libxt_policy: cannot set spi/reqid numbers higher than 0x7fffffff

Patrick McHardy netfilter-cvslog-bounces at lists.netfilter.org
Tue Feb 17 17:32:25 CET 2009


Gitweb:		http://git.netfilter.org/cgi-bin/gitweb.cgi?p=iptables.git;a=commit;h=6db2ded2f22a7e78743c86af523b8430876582e9
commit 6db2ded2f22a7e78743c86af523b8430876582e9
Author:     Christian Perle <chris at linuxinfotag.de>
AuthorDate: Tue Feb 17 17:31:52 2009 +0100
Commit:     Patrick McHardy <kaber at trash.net>
CommitDate: Tue Feb 17 17:31:52 2009 +0100

    libxt_policy: cannot set spi/reqid numbers higher than 0x7fffffff
    
    http://bugzilla.netfilter.org/show_bug.cgi?id=577
    
    When using the -m policy match, the option argument for --spi is converted
    using strtol(), which returns a signed 32 bit value, so the highest
    positive value is 0x7fffffff. Instead strtoul() should be used.
    The same applies for the --reqid option argument.
    
    Signed-off-by: Patrick McHardy <kaber at trash.net>
       via  6db2ded2f22a7e78743c86af523b8430876582e9 (commit)
      from  0ff6b46a331b7fa620c40d3110be5b3deb3c40a6 (commit)

 extensions/libip6t_policy.c |    4 ++--
 extensions/libipt_policy.c  |    4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/extensions/libip6t_policy.c b/extensions/libip6t_policy.c
index 7c1a1e7..7ea72cd 100644
--- a/extensions/libip6t_policy.c
+++ b/extensions/libip6t_policy.c
@@ -198,7 +198,7 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags,
 
 		e->match.reqid = 1;
 		e->invert.reqid = invert;
-		e->reqid = strtol(argv[optind-1], NULL, 10);
+		e->reqid = strtoul(argv[optind-1], NULL, 10);
 		break;
 	case '5':
 		if (e->match.spi)
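Review bot: The replacement line `e->reqid = strtoul(argv[optind-1], NULL, 10);` still passes NULL as the end pointer, so the --reqid argument is not validated: a non-numeric argument yields 0 and any characters after the digits are ignored, both silently. Pass a `char *end` to strtoul() and reject the option when `end == argv[optind-1]` or `*end != '\0'`.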
@@ -207,7 +207,7 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags,
 
 		e->match.spi = 1;
 		e->invert.spi = invert;
-		e->spi = strtol(argv[optind-1], NULL, 0x10);
+		e->spi = strtoul(argv[optind-1], NULL, 0x10);
 		break;
 	case '6':
 		if (e->match.saddr)
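Review bot: The `e->spi = strtoul(argv[optind-1], NULL, 0x10);` line stores the result without a range check. strtoul() accepts a leading minus sign and returns the negated value as an unsigned long, and on overflow it returns ULONG_MAX with errno set to ERANGE; where unsigned long is 64 bits, a result above 0xffffffff is then truncated on assignment if `e->spi` is a 32-bit field, as the commit message implies. Clear errno before the call, check it afterwards, and reject a leading '-' and any value above UINT32_MAX before storing it.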
diff --git a/extensions/libipt_policy.c b/extensions/libipt_policy.c
index 6ae51e7..a538927 100644
--- a/extensions/libipt_policy.c
+++ b/extensions/libipt_policy.c
@@ -166,7 +166,7 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags,
 
 		e->match.reqid = 1;
 		e->invert.reqid = invert;
-		e->reqid = strtol(argv[optind-1], NULL, 10);
+		e->reqid = strtoul(argv[optind-1], NULL, 10);
 		break;
 	case '5':
 		if (e->match.spi)
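Review bot: This reqid hunk in libipt_policy.c is line-for-line the same change as the one in libip6t_policy.c, which means the same parsing bug had to be fixed twice and any later validation will have to be added twice as well. Consider moving the numeric parsing for --reqid and --spi into one helper shared by both extensions so the two copies cannot drift apart.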
@@ -175,7 +175,7 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags,
 
 		e->match.spi = 1;
 		e->invert.spi = invert;
-		e->spi = strtol(argv[optind-1], NULL, 0x10);
+		e->spi = strtoul(argv[optind-1], NULL, 0x10);
 		break;
 	case '6':
 		if (e->match.saddr)
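Review bot: Style point on `strtoul(argv[optind-1], NULL, 0x10)`: the base is written as the hex literal 0x10, which is easy to misread as base 10 next to the reqid line that really does use 10. Write it as 16, and add a short comment that --spi is always parsed as hexadecimal, so an argument such as 100 is stored as 0x100.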
