[Bug 643] New: Inconsistent target length requirements for chain names and jump/goto targets

Wed Mar 31 10:11:57 CEST 2010

http://bugzilla.netfilter.org/show_bug.cgi?id=643

           Summary: Inconsistent target length requirements for chain names
                    and jump/goto targets
           Product: iptables
           Version: unspecified
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: major
          Priority: P1
         Component: iptables
        AssignedTo: netfilter-buglog at lists.netfilter.org
        ReportedBy: aldem-iptbugs at aldem.net

According to documentation, maximum chain name length should be below 30
characters.

However, while "iptables -N" and iptables-restore allows creation of chains
with name length 29, jump or goto targets only accept 27 characters.

What is worse, providing target name of length more than 27 characters to
jump/goto targets (target chain must exists) causes buffer overflow when
invoking iptables-restore or iptables -j.

This was tested on most recent (production) version of iptables distributed
with Fedora 12 (1.4.5).

To reproduce, perform:

iptables -N 012345678901234567890123456789
iptables -A FORWARD -j 0123456789001234567890123456789 # Buffer overflow
iptables -A FORWARD -j 012345678900123456789012345678 # Buffer overflow
iptables -A FORWARD -j 01234567890012345678901234567 # OK

-- 
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.