[iptables] xtables: fix segfault if incorrect protocol name is used
Pablo Neira
netfilter-cvslog-bounces at lists.netfilter.org
Tue May 12 09:55:41 CEST 2009
Gitweb: http://git.netfilter.org/cgi-bin/gitweb.cgi?p=iptables.git;a=commit;h=e55cc4aaa6e35448c14370e5261c3387d26b257d
commit e55cc4aaa6e35448c14370e5261c3387d26b257d
Author: Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Tue May 12 09:51:26 2009 +0200
Commit: Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Tue May 12 09:51:26 2009 +0200
xtables: fix segfault if incorrect protocol name is used
This patch fixes a segfault that can be triggered if you use an
incorrect protocol, e.g.
# iptables -I PREROUTING -t nat -p lalala --dport 21 -j DNAT --to 192.168.1.2:21
Segmentation fault
With this patch:
# iptables -I PREROUTING -t nat -p lalala --dport 21 -j DNAT --to 192.168.1.2:21
iptables v1.4.3.2: unknown protocol `lala' specified
Try `iptables -h' or 'iptables --help' for more information
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
via e55cc4aaa6e35448c14370e5261c3387d26b257d (commit)
from cd958a6c92c84095a439780b53832bb3aae2d512 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit e55cc4aaa6e35448c14370e5261c3387d26b257d
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date: Tue May 12 09:51:26 2009 +0200
xtables: fix segfault if incorrect protocol name is used
This patch fixes a segfault that can be triggered if you use an
incorrect protocol, e.g.
# iptables -I PREROUTING -t nat -p lalala --dport 21 -j DNAT --to 192.168.1.2:21
Segmentation fault
With this patch:
# iptables -I PREROUTING -t nat -p lalala --dport 21 -j DNAT --to 192.168.1.2:21
iptables v1.4.3.2: unknown protocol `lala' specified
Try `iptables -h' or 'iptables --help' for more information
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
-----------------------------------------------------------------------
xtables.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
This patch fixes a segfault that can be triggered if you use an
incorrect protocol, e.g.
# iptables -I PREROUTING -t nat -p lalala --dport 21 -j DNAT --to 192.168.1.2:21
Segmentation fault
With this patch:
# iptables -I PREROUTING -t nat -p lalala --dport 21 -j DNAT --to 192.168.1.2:21
iptables v1.4.3.2: unknown protocol `lala' specified
Try `iptables -h' or 'iptables --help' for more information
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
diff --git a/xtables.c b/xtables.c
index a01d4ea..e018331 100644
--- a/xtables.c
+++ b/xtables.c
@@ -1502,6 +1502,9 @@ xtables_parse_protocol(const char *s)
else {
unsigned int i;
for (i = 0; i < ARRAY_SIZE(xtables_chain_protos); ++i) {
+ if (xtables_chain_protos[i].name == NULL)
+ continue;
+
if (strcmp(s, xtables_chain_protos[i].name) == 0) {
proto = xtables_chain_protos[i].num;
break;
More information about the netfilter-cvslog
mailing list