[iptables] libxt_policy: use bounded strtoui

Patrick McHardy netfilter-cvslog-bounces at lists.netfilter.org
Mon Feb 23 17:55:55 CET 2009


Gitweb:		http://git.netfilter.org/cgi-bin/gitweb.cgi?p=iptables.git;a=commit;h=da68957303dea58632466d79d52f83bcbbca8925
commit da68957303dea58632466d79d52f83bcbbca8925
Author:     Jan Engelhardt <jengelh at medozas.de>
AuthorDate: Sat Feb 21 04:00:21 2009 +0100
Commit:     Jan Engelhardt <jengelh at medozas.de>
CommitDate: Sat Feb 21 04:01:48 2009 +0100

    libxt_policy: use bounded strtoui
    
    reqid and SPI can only have a value in the range 0..UINT32_MAX, not
    the entire range of the "long" type. Also throw an error if the
    incoming string does not look like a pure number.
    
    "Replaces" commit 6db2ded2f22a7e78743c86af523b8430876582e9.
    
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>

commit afe6b357db60c7d70379a27360c10a352bf55203
Author:     Jan Engelhardt <jengelh at medozas.de>
AuthorDate: Sat Feb 21 03:44:36 2009 +0100
Commit:     Jan Engelhardt <jengelh at medozas.de>
CommitDate: Sat Feb 21 03:44:36 2009 +0100

    extensions: remove unwanted/add needed includes for IPv4 exts
    
    Most touched files do not use anything from ip_tables.h, so
    remove that #include. multiport instead, does need it (ipt_entry).
    
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>

commit 2bc9d348e11820567685670147bd58deef2f938f
Author:     Jan Engelhardt <jengelh at medozas.de>
AuthorDate: Sat Feb 21 03:40:27 2009 +0100
Commit:     Jan Engelhardt <jengelh at medozas.de>
CommitDate: Sat Feb 21 03:40:27 2009 +0100

    extensions: remove unwanted/add needed includes for IPv6 exts
    
    Most touched files do not use anything from ip6_tables.h, so
    remove that #include. multiport instead, does need it (ip6t_entry).
    
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>

commit 1829ed482efbc8b390cc760d012b3a4450494e1a
Author:     Jan Engelhardt <jengelh at medozas.de>
AuthorDate: Sat Feb 21 03:29:44 2009 +0100
Commit:     Jan Engelhardt <jengelh at medozas.de>
CommitDate: Sat Feb 21 03:29:44 2009 +0100

    libxtables: prefix exit_error to xtables_error
    
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>

commit bddcb92d1f0f76d21c4469b1667c8199c9fab126
Author:     Jan Engelhardt <jengelh at medozas.de>
AuthorDate: Sat Feb 21 02:48:11 2009 +0100
Commit:     Jan Engelhardt <jengelh at medozas.de>
CommitDate: Sat Feb 21 02:48:11 2009 +0100

    libxtables: inline and remove unused OPTION_OFFSET macro
    
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>

commit 1791a45b279db742d6de35ea8dc1ad9dda4acb73
Author:     Jan Engelhardt <jengelh at medozas.de>
AuthorDate: Fri Feb 20 16:39:54 2009 +0100
Commit:     Jan Engelhardt <jengelh at medozas.de>
CommitDate: Sat Feb 21 02:46:22 2009 +0100

    doc: resynchronize manpage with in-code help
    
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
       via  da68957303dea58632466d79d52f83bcbbca8925 (commit)
       via  afe6b357db60c7d70379a27360c10a352bf55203 (commit)
       via  2bc9d348e11820567685670147bd58deef2f938f (commit)
       via  1829ed482efbc8b390cc760d012b3a4450494e1a (commit)
       via  bddcb92d1f0f76d21c4469b1667c8199c9fab126 (commit)
       via  1791a45b279db742d6de35ea8dc1ad9dda4acb73 (commit)
      from  6db2ded2f22a7e78743c86af523b8430876582e9 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit da68957303dea58632466d79d52f83bcbbca8925
Author: Jan Engelhardt <jengelh at medozas.de>
Date:   Sat Feb 21 04:00:21 2009 +0100

    libxt_policy: use bounded strtoui
    
    reqid and SPI can only have a value in the range 0..UINT32_MAX, not
    the entire range of the "long" type. Also throw an error if the
    incoming string does not look like a pure number.
    
    "Replaces" commit 6db2ded2f22a7e78743c86af523b8430876582e9.
    
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>

commit afe6b357db60c7d70379a27360c10a352bf55203
Author: Jan Engelhardt <jengelh at medozas.de>
Date:   Sat Feb 21 03:44:36 2009 +0100

    extensions: remove unwanted/add needed includes for IPv4 exts
    
    Most touched files do not use anything from ip_tables.h, so
    remove that #include. multiport instead, does need it (ipt_entry).
    
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>

commit 2bc9d348e11820567685670147bd58deef2f938f
Author: Jan Engelhardt <jengelh at medozas.de>
Date:   Sat Feb 21 03:40:27 2009 +0100

    extensions: remove unwanted/add needed includes for IPv6 exts
    
    Most touched files do not use anything from ip6_tables.h, so
    remove that #include. multiport instead, does need it (ip6t_entry).
    
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>

commit 1829ed482efbc8b390cc760d012b3a4450494e1a
Author: Jan Engelhardt <jengelh at medozas.de>
Date:   Sat Feb 21 03:29:44 2009 +0100

    libxtables: prefix exit_error to xtables_error
    
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>

commit bddcb92d1f0f76d21c4469b1667c8199c9fab126
Author: Jan Engelhardt <jengelh at medozas.de>
Date:   Sat Feb 21 02:48:11 2009 +0100

    libxtables: inline and remove unused OPTION_OFFSET macro
    
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>

commit 1791a45b279db742d6de35ea8dc1ad9dda4acb73
Author: Jan Engelhardt <jengelh at medozas.de>
Date:   Fri Feb 20 16:39:54 2009 +0100

    doc: resynchronize manpage with in-code help
    
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>

-----------------------------------------------------------------------
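
The check described in the libxt_policy commit message above (a value limited to 0..UINT32_MAX, with an error for anything that is not a pure number), as an added example that is not code from the iptables tree. The names parse_u32_bounded and parse_u32_unchecked are hypothetical, and accepting base 0 (decimal, 0x hex, leading-0 octal) is an assumption.

```c
#include <ctype.h>
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper (not libxtables code): parse s as a pure unsigned
 * number in [min, max]. Returns false on sign, junk, or out-of-range. */
static bool parse_u32_bounded(const char *s, uint32_t min, uint32_t max,
                              uint32_t *out)
{
	char *end;
	unsigned long long v;

	/* strtoull() skips leading whitespace and accepts "-1" (negating it
	 * into a huge value), so require the first character to be a digit. */
	if (s == NULL || !isdigit((unsigned char)s[0]))
		return false;
	errno = 0;
	v = strtoull(s, &end, 0);	/* base 0 is an assumption of this example */
	if (errno == ERANGE)		/* does not even fit unsigned long long */
		return false;
	if (end == s || *end != '\0')	/* nothing parsed, or trailing junk */
		return false;
	if (v < min || v > max)		/* enforce the 32-bit field's range */
		return false;
	*out = (uint32_t)v;
	return true;
}

/* Unchecked conversion for contrast (constructed, not the replaced iptables
 * code): trailing text is ignored and "-1" wraps to UINT32_MAX. */
static uint32_t parse_u32_unchecked(const char *s)
{
	return (uint32_t)strtoul(s, NULL, 0);
}

int main(void)
{
	/* Constructed sample inputs. */
	const char *in[] = { "0x100", "4294967295", "4294967296", "-1", "12abc" };
	for (size_t i = 0; i < sizeof(in) / sizeof(in[0]); i++) {
		uint32_t v = 0;
		bool ok = parse_u32_bounded(in[i], 0, UINT32_MAX, &v);
		printf("%-12s bounded=%s unchecked=%u\n", in[i],
		       ok ? "ok" : "reject", (unsigned)parse_u32_unchecked(in[i]));
	}
	return 0;
}
```
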

 extensions/dscp_helper.c        |    4 +-
 extensions/libip6t_HL.c         |   17 ++++----
 extensions/libip6t_LOG.c        |   27 ++++++-------
 extensions/libip6t_REJECT.c     |    5 +-
 extensions/libip6t_ah.c         |   12 +++---
 extensions/libip6t_dst.c        |   24 ++++++------
 extensions/libip6t_frag.c       |   18 ++++----
 extensions/libip6t_hbh.c        |   24 ++++++------
 extensions/libip6t_hl.c         |   11 ++---
 extensions/libip6t_icmp6.c      |   10 ++--
 extensions/libip6t_ipv6header.c |   13 +++---
 extensions/libip6t_mh.c         |    7 +--
 extensions/libip6t_policy.c     |   65 ++++++++++++++++---------------
 extensions/libip6t_rt.c         |   32 ++++++++--------
 extensions/libipt_CLUSTERIP.c   |   39 +++++++++----------
 extensions/libipt_DNAT.c        |   24 ++++++------
 extensions/libipt_ECN.c         |   17 ++++----
 extensions/libipt_LOG.c         |   27 ++++++-------
 extensions/libipt_MASQUERADE.c  |   10 ++--
 extensions/libipt_MIRROR.c      |    1 -
 extensions/libipt_NETMAP.c      |   15 +++----
 extensions/libipt_REDIRECT.c    |   12 +++---
 extensions/libipt_REJECT.c      |    5 +-
 extensions/libipt_SAME.c        |   15 +++----
 extensions/libipt_SET.c         |   11 ++---
 extensions/libipt_SNAT.c        |   22 +++++-----
 extensions/libipt_TTL.c         |   15 +++----
 extensions/libipt_ULOG.c        |   27 ++++++-------
 extensions/libipt_addrtype.c    |   23 +++++------
 extensions/libipt_ah.c          |    8 ++--
 extensions/libipt_ecn.c         |   11 ++---
 extensions/libipt_icmp.c        |    8 ++--
 extensions/libipt_policy.c      |   63 ++++++++++++++++--------------
 extensions/libipt_realm.c       |    6 +-
 extensions/libipt_set.c         |    8 ++--
 extensions/libipt_set.h         |   18 ++++----
 extensions/libipt_ttl.c         |   15 +++----
 extensions/libxt_CLASSIFY.c     |    6 +-
 extensions/libxt_CONNMARK.c     |   20 +++++-----
 extensions/libxt_CONNSECMARK.c  |   10 ++--
 extensions/libxt_DSCP.c         |   10 ++--
 extensions/libxt_MARK.c         |   16 ++++----
 extensions/libxt_NFLOG.c        |   24 ++++++------
 extensions/libxt_NFQUEUE.c      |    4 +-
 extensions/libxt_RATEEST.c      |   20 +++++-----
 extensions/libxt_SECMARK.c      |    8 ++--
 extensions/libxt_TCPMSS.c       |    8 ++--
 extensions/libxt_TCPOPTSTRIP.c  |   10 ++--
 extensions/libxt_TOS.c          |    4 +-
 extensions/libxt_TPROXY.c       |    2 +-
 extensions/libxt_comment.c      |    6 +-
 extensions/libxt_connbytes.c    |   10 ++--
 extensions/libxt_connlimit.c    |   10 ++--
 extensions/libxt_connmark.c     |    4 +-
 extensions/libxt_conntrack.c    |   54 +++++++++++++-------------
 extensions/libxt_dccp.c         |   14 +++---
 extensions/libxt_dscp.c         |   10 ++--
 extensions/libxt_esp.c          |   10 ++--
 extensions/libxt_hashlimit.c    |   32 ++++++++--------
 extensions/libxt_helper.c       |    4 +-
 extensions/libxt_iprange.c      |   10 ++--
 extensions/libxt_length.c       |    8 ++--
 extensions/libxt_limit.c        |   10 ++--
 extensions/libxt_mac.c          |    6 +-
 extensions/libxt_mark.c         |    4 +-
 extensions/libxt_multiport.c    |   28 +++++++------
 extensions/libxt_owner.c        |    4 +-
 extensions/libxt_physdev.c      |    4 +-
 extensions/libxt_pkttype.c      |    4 +-
 extensions/libxt_quota.c        |    6 +-
 extensions/libxt_rateest.c      |   44 ++++++++++----------
 extensions/libxt_recent.c       |   12 +++---
 extensions/libxt_sctp.c         |   18 ++++----
 extensions/libxt_state.c        |    8 ++--
 extensions/libxt_statistic.c    |   32 ++++++++--------
 extensions/libxt_string.c       |   38 +++++++++---------
 extensions/libxt_tcp.c          |   18 ++++----
 extensions/libxt_tcpmss.c       |    6 +-
 extensions/libxt_time.c         |   36 +++++++++---------
 extensions/libxt_tos.c          |    4 +-
 extensions/libxt_u32.c          |   30 +++++++-------
 extensions/libxt_udp.c          |    6 +-
 extensions/tos_values.c         |    6 +-
 include/xtables.h.in            |    3 +-
 ip6tables-restore.c             |   26 ++++++------
 ip6tables-save.c                |    8 ++--
 ip6tables.8.in                  |    6 +-
 ip6tables.c                     |   77 +++++++++++++++++++------------------
 iptables-restore.c              |   26 ++++++------
 iptables-save.c                 |    8 ++--
 iptables-xml.c                  |   16 ++++----
 iptables.8.in                   |    6 +-
 iptables.c                      |   81 ++++++++++++++++++++-------------------
 xtables.c                       |    2 +-
 94 files changed, 778 insertions(+), 788 deletions(-)
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>

diff --git a/ip6tables.8.in b/ip6tables.8.in
index 3d19a4c..a31887e 100644
--- a/ip6tables.8.in
+++ b/ip6tables.8.in
@@ -30,16 +30,16 @@ ip6tables - IPv6 packet filter administration
 \fBip6tables\fP [\fB\-t\fP \fItable\fP] {\fB\-A\fP|\fB\-D\fP} \fIchain
 rule-specification\fP [\fIoptions...\fP]
 .PP
-\fBip6tables\fP [\fB\-t\fP \fItable\fP] \fB\-I\fP [\fIrulenum\fP]
+\fBip6tables\fP [\fB\-t\fP \fItable\fP] \fB\-I\fP \fIchain\fP [\fIrulenum\fP]
 \fIrule-specification\fP [\fIoptions...\fP]
 .PP
-\fBip6tables\fP [\fB\-t\fP \fItable\fP] \fB\-R\fP \fIrulenum
+\fBip6tables\fP [\fB\-t\fP \fItable\fP] \fB\-R\fP \fIchain rulenum
 rule-specification\fP [\fIoptions...\fP]
 .PP
 \fBip6tables\fP [\fB\-t\fP \fItable\fP] \fB\-D\fP \fIchain rulenum\fP
 [\fIoptions...\fP]
 .PP
-\fBip6tables\fP [\fB\-t\fP \fItable\fP] \fB\-S\fP [\fIchain\fP]
+\fBip6tables\fP [\fB\-t\fP \fItable\fP] \fB\-S\fP [\fIchain\fP [\fIrulenum\fP]]
 .PP
 \fBip6tables\fP [\fB\-t\fP \fItable\fP] {\fB\-F\fP|\fB\-L\fP|\fB\-Z\fP}
 [\fIchain\fP] [\fIoptions...\fP]
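Review bot: the -L synopsis in the last two context lines of this hunk still reads {-F|-L|-Z} [chain] [options...], while the in-code help in ip6tables.c prints "-[LS] [chain [rulenum]] [options]". Since -S gains [rulenum] here, -L should be taken out of the {-F|-L|-Z} group and documented with [chain [rulenum]] too, otherwise the manpage and the help text stay out of sync for -L.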
diff --git a/ip6tables.c b/ip6tables.c
index 06c0a60..7847ebc 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -240,7 +240,8 @@ exit_printhelp(struct xtables_rule_match *matches)
 
 	printf("%s v%s\n\n"
 "Usage: %s -[AD] chain rule-specification [options]\n"
-"       %s -[RI] chain rulenum rule-specification [options]\n"
+"       %s -I chain [rulenum] rule-specification [options]\n"
+"       %s -R chain rulenum rule-specification [options]\n"
 "       %s -D chain rulenum [options]\n"
 "       %s -[LS] [chain [rulenum]] [options]\n"
 "       %s -[FZ] [chain] [options]\n"
@@ -250,7 +251,7 @@ exit_printhelp(struct xtables_rule_match *matches)
 "       %s -h (print this help information)\n\n",
 	       prog_name, prog_vers, prog_name, prog_name,
 	       prog_name, prog_name, prog_name, prog_name,
-	       prog_name, prog_name, prog_name);
+	       prog_name, prog_name, prog_name, prog_name);
 
 	printf(
 "Commands:\n"
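Review bot: the extra prog_name in this argument list has to match the "%s" introduced by the new -R usage line in the previous hunk, and only a manual count ties the two together. An argument count that falls short of the conversions is undefined behaviour in printf(), so please confirm the file builds cleanly with format checking enabled (-Wformat); since the format is a string literal the compiler can verify the count.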
diff --git a/iptables.8.in b/iptables.8.in
index 2bbd9a7..10dcb73 100644
--- a/iptables.8.in
+++ b/iptables.8.in
@@ -27,13 +27,13 @@ iptables - administration tool for IPv4 packet filtering and NAT
 .SH SYNOPSIS
 \fBiptables\fP [\fB\-t\fP \fItable\fP] {\fB\-A\fP|\fB\-D\fP} \fIchain\fP \fIrule-specification\fP
 .PP
-\fBiptables\fP [\fB\-t\fP \fItable\fP] \fB\-I\fP [\fIrulenum\fP] \fIrule-specification\fP
+\fBiptables\fP [\fB\-t\fP \fItable\fP] \fB\-I\fP \fIchain\fP [\fIrulenum\fP] \fIrule-specification\fP
 .PP
-\fBiptables\fP [\fB\-t\fP \fItable\fP] \fB\-R\fP \fIrulenum rule-specification\fP
+\fBiptables\fP [\fB\-t\fP \fItable\fP] \fB\-R\fP \fIchain rulenum rule-specification\fP
 .PP
 \fBiptables\fP [\fB\-t\fP \fItable\fP] \fB\-D\fP \fIchain rulenum\fP
 .PP
-\fBiptables\fP [\fB\-t\fP \fItable\fP] \fB\-S\fP [\fIchain\fP]
+\fBiptables\fP [\fB\-t\fP \fItable\fP] \fB\-S\fP [\fIchain\fP [\fIrulenum\fP]]
 .PP
 \fBiptables\fP [\fB\-t\fP \fItable\fP] {\fB\-F\fP|\fB\-L\fP|\fB\-Z\fP} [\fIchain\fP] [\fIoptions...\fP]
 .PP
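Review bot: the -I and -R synopsis lines changed here still end at rule-specification with no options placeholder, whereas the in-code help in iptables.c prints "[options]" for both and the corresponding ip6tables.8.in lines carry [\fIoptions...\fP]. If the goal is to resynchronize the manpage with the help text, append [\fIoptions...\fP] to these two lines (and to the -A/-D and -D rulenum lines in the context) so both manpages agree.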
diff --git a/iptables.c b/iptables.c
index a8e97c7..8448c18 100644
--- a/iptables.c
+++ b/iptables.c
@@ -254,7 +254,8 @@ exit_printhelp(struct xtables_rule_match *matches)
 
 	printf("%s v%s\n\n"
 "Usage: %s -[AD] chain rule-specification [options]\n"
-"       %s -[RI] chain rulenum rule-specification [options]\n"
+"       %s -I chain [rulenum] rule-specification [options]\n"
+"       %s -R chain rulenum rule-specification [options]\n"
 "       %s -D chain rulenum [options]\n"
 "       %s -[LS] [chain [rulenum]] [options]\n"
 "       %s -[FZ] [chain] [options]\n"
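Review bot: the -I and -R usage lines added here are the same text as the ones added to exit_printhelp() in ip6tables.c, so every wording change has to be made twice and the two copies can drift apart, which is the kind of mismatch this commit is cleaning up. Consider keeping the common usage block in one place that both programs print, or at least note in a comment that the two copies must be kept identical.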
@@ -264,7 +265,7 @@ exit_printhelp(struct xtables_rule_match *matches)
 "       %s -h (print this help information)\n\n",
 	       prog_name, prog_vers, prog_name, prog_name,
 	       prog_name, prog_name, prog_name, prog_name,
-	       prog_name, prog_name, prog_name);
+	       prog_name, prog_name, prog_name, prog_name);
 
 	printf(
 "Commands:\n"


