[iptables] xtables: fix segfault if incorrect protocol name is used

Pablo Neira netfilter-cvslog-bounces at lists.netfilter.org
Tue May 12 09:55:41 CEST 2009


Gitweb:		http://git.netfilter.org/cgi-bin/gitweb.cgi?p=iptables.git;a=commit;h=e55cc4aaa6e35448c14370e5261c3387d26b257d
commit e55cc4aaa6e35448c14370e5261c3387d26b257d
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Tue May 12 09:51:26 2009 +0200
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Tue May 12 09:51:26 2009 +0200

    xtables: fix segfault if incorrect protocol name is used
    
    This patch fixes a segfault that can be triggered if you use an
    incorrect protocol, e.g.
    
    # iptables -I PREROUTING -t nat -p lalala --dport 21 -j DNAT --to 192.168.1.2:21
    Segmentation fault
    
    With this patch:
    
    # iptables -I PREROUTING -t nat -p lalala --dport 21 -j DNAT --to 192.168.1.2:21
    iptables v1.4.3.2: unknown protocol `lala' specified
    Try `iptables -h' or 'iptables --help' for more information
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
       via  e55cc4aaa6e35448c14370e5261c3387d26b257d (commit)
      from  cd958a6c92c84095a439780b53832bb3aae2d512 (commit)


 xtables.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)
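The crash the commit message describes comes from walking a name table whose terminating entry has a NULL name and handing that NULL to strcmp(). The following is an added, self-contained illustration of the same lookup pattern with the guard in place; it is not iptables code, and the table contents, `ARRAY_SIZE` macro and `parse_protocol` name are constructed stand-ins for `xtables_chain_protos` and `xtables_parse_protocol`.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for xtables_chain_protos: (name, number) pairs
 * closed by a sentinel entry whose name is NULL. */
struct proto_entry {
    const char *name;
    unsigned int num;
};

static const struct proto_entry chain_protos[] = {
    { "tcp",  6  },
    { "udp",  17 },
    { "icmp", 1  },
    { "all",  0  },
    { NULL,   0  },   /* terminator, must never reach strcmp() */
};

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Resolve a protocol given either as a decimal number (0..255) or as a
 * name from the table. Returns the number, or -1 when it is unknown. */
int parse_protocol(const char *s)
{
    char *end;
    unsigned long n;
    unsigned int i;

    errno = 0;
    n = strtoul(s, &end, 10);
    if (end != s && *end == '\0' && errno == 0 && n <= 255)
        return (int)n;

    /* The loop bound includes the sentinel, so the NULL check is what
     * keeps an unknown name such as "lalala" from dereferencing NULL. */
    for (i = 0; i < ARRAY_SIZE(chain_protos); ++i) {
        if (chain_protos[i].name == NULL)
            continue;
        if (strcmp(s, chain_protos[i].name) == 0)
            return (int)chain_protos[i].num;
    }
    return -1;   /* caller reports "unknown protocol" instead of crashing */
}

int main(void)
{
    const char *inputs[] = { "tcp", "17", "lalala", "999" };
    for (size_t k = 0; k < ARRAY_SIZE(inputs); ++k)
        printf("%-7s -> %d\n", inputs[k], parse_protocol(inputs[k]));
    return 0;
}
```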

diff --git a/xtables.c b/xtables.c
index a01d4ea..e018331 100644
--- a/xtables.c
+++ b/xtables.c
@@ -1502,6 +1502,9 @@ xtables_parse_protocol(const char *s)
 		else {
 			unsigned int i;
 			for (i = 0; i < ARRAY_SIZE(xtables_chain_protos); ++i) {
+				if (xtables_chain_protos[i].name == NULL)
+					continue;
+
 				if (strcmp(s, xtables_chain_protos[i].name) == 0) {
 					proto = xtables_chain_protos[i].num;
 					break;
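Review bot: the added NULL check in the loop body stops strcmp() from being handed a NULL name, but the loop bound stays ARRAY_SIZE(xtables_chain_protos), so after skipping that entry the loop keeps iterating to the end of the array. If the NULL-named entry is the table's terminator (not visible in this hunk), `break` instead of `continue` would state that intent and avoid the extra iterations; either way, a short comment next to the check saying that the table carries a NULL sentinel would keep a later cleanup from dropping the guard and reintroducing the segfault.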
