[Bug 65] New: Problem with error message when tcp-flags doesn't recognize a flag

bugzilla-daemon@netfilter.org bugzilla-daemon@netfilter.org
Mon, 17 Mar 2003 02:06:42 +0100


https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=65

           Summary: Problem with error message when tcp-flags doesn't
                    recognize a flag
           Product: iptables userspace
           Version: 1.2.7a
          Platform: other
        OS/Version: other
            Status: NEW
          Severity: minor
          Priority: P2
         Component: iptables
        AssignedTo: laforge@netfilter.org
        ReportedBy: androsyn@ratbox.org
                CC: netfilter-buglog@lists.netfilter.org


When iptables is passed multiple tcp flags and doesn't recognize the flag,
iptables reports the previous flag, not the current one.  For example, pass
something like:
iptables -A INPUT -p tcp --tcp-flags SYN,FIN,UGH -j DROP

Obviously the UGH is wrong, but it reports FIN as the flag it doesn't recognize. 
Here is a patch to fix the issue in both iptables and ip6tables.

Index: extensions/libip6t_tcp.c
===================================================================
RCS file: /cvspublic/netfilter/userspace/extensions/libip6t_tcp.c,v
retrieving revision 1.10
diff -u -r1.10 libip6t_tcp.c
--- extensions/libip6t_tcp.c	26 Jul 2002 16:27:57 -0000	1.10
+++ extensions/libip6t_tcp.c	17 Mar 2003 01:00:11 -0000
@@ -122,7 +122,7 @@
 		}
 		if (i == sizeof(tcp_flag_names)/sizeof(struct tcp_flag_names))
 			exit_error(PARAMETER_PROBLEM,
-				   "Unknown TCP flag `%s'", buffer);
+				   "Unknown TCP flag `%s'", ptr);
 		}
 
 	free(buffer);
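
Review bot: the new argument `ptr` on the changed exit_error() line is not declared or assigned anywhere in the visible context, so the hunk alone does not show that it points at a NUL-terminated copy of the current token when the `i == sizeof(tcp_flag_names)/sizeof(struct tcp_flag_names)` check fires. Please state in the commit message or a short comment that ptr is the loop's per-token cursor, so that `%s` prints only the rejected flag (UGH in the report's example) and not the remainder of the comma-separated list. It would also help to say whether exit_error() returns, because free(buffer) is only reached after the closing brace that follows the call.
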
Index: extensions/libipt_tcp.c
===================================================================
RCS file: /cvspublic/netfilter/userspace/extensions/libipt_tcp.c,v
retrieving revision 1.14
diff -u -r1.14 libipt_tcp.c
--- extensions/libipt_tcp.c	26 Jul 2002 16:27:57 -0000	1.14
+++ extensions/libipt_tcp.c	17 Mar 2003 01:00:11 -0000
@@ -122,7 +122,7 @@
 		}
 		if (i == sizeof(tcp_flag_names)/sizeof(struct tcp_flag_names))
 			exit_error(PARAMETER_PROBLEM,
-				   "Unknown TCP flag `%s'", buffer);
+				   "Unknown TCP flag `%s'", ptr);
 		}
 
 	free(buffer);
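
Review bot: this hunk in libipt_tcp.c is line for line the same as the libip6t_tcp.c one, at the same offset (-122,7 +122,7), so the flag parser evidently exists as two copies that have to be patched in step. Consider a follow-up that moves the parsing into one shared helper, and add a regression check that runs the report's `--tcp-flags SYN,FIN,UGH` case through both iptables and ip6tables and expects UGH in the error message.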


