iptables-restore segfaults

Ben Reser ben@reser.org
Thu, 18 Oct 2001 23:27:06 -0700

On Fri, Oct 19, 2001 at 03:56:11AM +0200, Andreas Ferber wrote:
> Ben's original patch wasn't that broken, as it checks for whitespace
> after the "-t", but it's still broken. Guess what happens if I happen
> to have a network interface named "-t" ("foo-t" will also trigger with
> Ben's patch) and try to match it...

Oops, I knew I was missing something.

> It adds a new parameter restore_lineno to do_command, which takes the
> input line number from iptables-restore.c, iptables-standalone.c sets
> this to zero. If this parameter is >0, do_command refuses to accept a
> "-t" parameter and instead uses the initial value of *table (which is
> initialized correctly by iptables-restore.c). An additional side
> effect is that it is now possible to include the line number into
> error messages generated by do_command (currently only used in the new
> error message for "--table" with restore_lineno>0).
> The changes for ip6tables are similar.

I agree this is an excellent way of doing it just from the looks.  I
haven't actually applied this patch yet to try it.

Ben Reser <ben@reser.org>

"To fight and conquer in all our battles is not supreme excellence. 
Supreme excellence consists in breaking the enemy's resistance without
fighting." -Chinese philosopher Sun Tzu
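To illustrate the two approaches discussed in this thread, here is an added example (not code from either patch or from iptables itself): a naive raw-line scan for "-t" that an interface named "foo-t" fools, next to a simplified do_command() that refuses -t/--table whenever restore_lineno is non-zero and otherwise keeps the table the caller set. The function names naive_has_table_opt and parse_rule are made up for this demonstration.

```c
#include <stdio.h>
#include <string.h>
#define MAXARGS 32
/* First-patch heuristic: raw line contains "-t" followed by whitespace.
 * An interface named "-t" or "foo-t" makes it fire spuriously. */
int naive_has_table_opt(const char *line)
{
    for (const char *p = line; (p = strstr(p, "-t")) != NULL; p += 2)
        if (p[2] == ' ' || p[2] == '\t')
            return 1;
    return 0;
}

/* Illustrative do_command() (not the real iptables source): restore_lineno
 * > 0 means iptables-restore is the caller, so -t/--table is refused and
 * *table keeps the value the caller set from the "*filter"/"*nat" header. */
int do_command(int argc, char *argv[], const char **table, unsigned int restore_lineno)
{
    for (int i = 1; i < argc; i++) {
        if (!strcmp(argv[i], "-t") || !strcmp(argv[i], "--table")) {
            if (restore_lineno > 0) {
                fprintf(stderr, "line %u: --table not allowed here\n", restore_lineno);
                return -1;
            }
            if (i + 1 >= argc) return -1;
            *table = argv[++i];
        } else if (!strcmp(argv[i], "-i") || !strcmp(argv[i], "-o")) {
            if (i + 1 >= argc) return -1;
            i++;                /* interface name: any token, even "-t" */
        }
    }
    return 0;
}

/* Split a rule line on whitespace (no quoting, as iptables-restore does) and
 * run do_command() on it. Returns the selected table, or NULL if rejected. */
const char *parse_rule(const char *line, unsigned int restore_lineno)
{
    static char buf[256];
    char *argv[MAXARGS] = { "iptables" };
    int argc = 1;
    const char *table = "filter";   /* as set from a "*filter" header line */
    strncpy(buf, line, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    for (char *tok = strtok(buf, " \t"); tok && argc < MAXARGS; tok = strtok(NULL, " \t"))
        argv[argc++] = tok;
    return do_command(argc, argv, &table, restore_lineno) == 0 ? table : NULL;
}
```

With a non-zero restore_lineno an interface literally named "-t" is accepted as an interface and the table stays "filter", while an explicit "-t nat" on a restore line is rejected with the line number in the message.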