[iptables] libxt_policy: cannot set spi/reqid numbers higher than 0x7fffffff
Patrick McHardy
netfilter-cvslog-bounces at lists.netfilter.org
Tue Feb 17 17:32:25 CET 2009
Gitweb: http://git.netfilter.org/cgi-bin/gitweb.cgi?p=iptables.git;a=commit;h=6db2ded2f22a7e78743c86af523b8430876582e9
commit 6db2ded2f22a7e78743c86af523b8430876582e9
Author: Christian Perle <chris at linuxinfotag.de>
AuthorDate: Tue Feb 17 17:31:52 2009 +0100
Commit: Patrick McHardy <kaber at trash.net>
CommitDate: Tue Feb 17 17:31:52 2009 +0100
libxt_policy: cannot set spi/reqid numbers higher than 0x7fffffff
http://bugzilla.netfilter.org/show_bug.cgi?id=577
When using the -m policy match, the option argument for --spi is converted
using strtol(), which returns a signed 32 bit value, so the highest
positive value is 0x7fffffff. Instead strtoul() should be used.
The same applies for the --reqid option argument.
Signed-off-by: Patrick McHardy <kaber at trash.net>
via 6db2ded2f22a7e78743c86af523b8430876582e9 (commit)
from 0ff6b46a331b7fa620c40d3110be5b3deb3c40a6 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 6db2ded2f22a7e78743c86af523b8430876582e9
Author: Christian Perle <chris at linuxinfotag.de>
Date: Tue Feb 17 17:31:52 2009 +0100
libxt_policy: cannot set spi/reqid numbers higher than 0x7fffffff
http://bugzilla.netfilter.org/show_bug.cgi?id=577
When using the -m policy match, the option argument for --spi is converted
using strtol(), which returns a signed 32 bit value, so the highest
positive value is 0x7fffffff. Instead strtoul() should be used.
The same applies for the --reqid option argument.
Signed-off-by: Patrick McHardy <kaber at trash.net>
-----------------------------------------------------------------------
extensions/libip6t_policy.c | 4 ++--
extensions/libipt_policy.c | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
http://bugzilla.netfilter.org/show_bug.cgi?id=577
When using the -m policy match, the option argument for --spi is converted
using strtol(), which returns a signed 32 bit value, so the highest
positive value is 0x7fffffff. Instead strtoul() should be used.
The same applies for the --reqid option argument.
Signed-off-by: Patrick McHardy <kaber at trash.net>
diff --git a/extensions/libip6t_policy.c b/extensions/libip6t_policy.c
index 7c1a1e7..7ea72cd 100644
--- a/extensions/libip6t_policy.c
+++ b/extensions/libip6t_policy.c
@@ -198,7 +198,7 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags,
e->match.reqid = 1;
e->invert.reqid = invert;
- e->reqid = strtol(argv[optind-1], NULL, 10);
+ e->reqid = strtoul(argv[optind-1], NULL, 10);
break;
case '5':
if (e->match.spi)
@@ -207,7 +207,7 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags,
e->match.spi = 1;
e->invert.spi = invert;
- e->spi = strtol(argv[optind-1], NULL, 0x10);
+ e->spi = strtoul(argv[optind-1], NULL, 0x10);
break;
case '6':
if (e->match.saddr)
diff --git a/extensions/libipt_policy.c b/extensions/libipt_policy.c
index 6ae51e7..a538927 100644
--- a/extensions/libipt_policy.c
+++ b/extensions/libipt_policy.c
@@ -166,7 +166,7 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags,
e->match.reqid = 1;
e->invert.reqid = invert;
- e->reqid = strtol(argv[optind-1], NULL, 10);
+ e->reqid = strtoul(argv[optind-1], NULL, 10);
break;
case '5':
if (e->match.spi)
@@ -175,7 +175,7 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags,
e->match.spi = 1;
e->invert.spi = invert;
- e->spi = strtol(argv[optind-1], NULL, 0x10);
+ e->spi = strtoul(argv[optind-1], NULL, 0x10);
break;
case '6':
if (e->match.saddr)
More information about the netfilter-cvslog
mailing list