[Bug 854] New: xtables_ipmask_to_cidr error code leaks into output of iptables --list
bugzilla-daemon at netfilter.org
Thu Sep 26 16:11:06 CEST 2013
https://bugzilla.netfilter.org/show_bug.cgi?id=854
Summary: xtables_ipmask_to_cidr error code leaks into output of
iptables --list
Product: iptables
Version: 1.4.x
Platform: x86_64
OS/Version: Debian GNU/Linux
Status: NEW
Severity: trivial
Priority: P5
Component: iptables
AssignedTo: netfilter-buglog at lists.netfilter.org
ReportedBy: e6lit7 at gmx.net
Estimated Hours: 0.0
xtables_ipmask_to_cidr error code leaks into output of "iptables --list" when
non-CIDR compatible masks are used:
# iptables -V
iptables v1.4.20
# iptables --list-rules
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A FORWARD -d 1.0.0.0/8 -j ACCEPT
-A FORWARD -d 0.2.0.0/0.255.0.0 -j ACCEPT
-A FORWARD -d 0.0.3.0/0.0.255.0 -j ACCEPT
-A FORWARD -d 0.0.0.4/0.0.0.255 -j ACCEPT
# iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere 1.0.0.0/8
ACCEPT all -- anywhere 0.2.0.0/-1 // Error code leak
ACCEPT all -- anywhere 0.0.3.0/-1 // Error code leak
ACCEPT all -- anywhere 0.0.0.4/-1 // Error code leak
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
As far as I understand the source code, the mask should be displayed in dotted
format if CIDR format is not possible.
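Added example (not part of the original report, and not the iptables or libxtables source): a minimal C sketch of the behaviour the reporter expects, where the -1 "no CIDR equivalent" sentinel is checked before formatting and the mask falls back to dotted notation. The names mask_to_cidr, dotted and format_dest are hypothetical, and the inputs are constructed from the rules shown above.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: prefix length 0..32 for a contiguous mask
 * (host byte order), or -1 when the mask has no CIDR equivalent. */
static int mask_to_cidr(uint32_t mask)
{
    uint32_t inv = ~mask;      /* contiguous mask: inverse is 2^k - 1 */
    int bits = 0;

    if (inv & (inv + 1))       /* a one bit below a zero bit: not CIDR */
        return -1;
    for (; mask; mask <<= 1)   /* count the leading one bits */
        bits++;
    return bits;
}

static void dotted(uint32_t v, char *buf, size_t len)
{
    snprintf(buf, len, "%u.%u.%u.%u", (unsigned)(v >> 24),
             (unsigned)((v >> 16) & 0xff), (unsigned)((v >> 8) & 0xff),
             (unsigned)(v & 0xff));
}

/* Hypothetical formatter: tests the sentinel instead of printing it. */
static const char *format_dest(uint32_t addr, uint32_t mask,
                               char *buf, size_t len)
{
    char a[16], m[16];
    int cidr = mask_to_cidr(mask);

    dotted(addr, a, sizeof(a));
    if (cidr < 0) {            /* fall back to the dotted mask */
        dotted(mask, m, sizeof(m));
        snprintf(buf, len, "%s/%s", a, m);
    } else {
        snprintf(buf, len, "%s/%d", a, cidr);
    }
    return buf;
}

int main(void)
{
    char buf[40];              /* constructed inputs from the rules above */

    puts(format_dest(0x01000000u, 0xff000000u, buf, sizeof(buf)));
    puts(format_dest(0x00020000u, 0x00ff0000u, buf, sizeof(buf)));
    puts(format_dest(0x00000004u, 0x000000ffu, buf, sizeof(buf)));
    return 0;
}
```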