Package: iptables
Version: 1.3.8.0debian1-1
Severity: normal
Tags: patch

iptables-restore must not pass a table into do_command. It checks for
"-t arg" and "--table arg", but not "-targ". (On a related note, using
-targ does not work as expected).

This should fail gracefully, but crashes:

iptables-restore <(echo -e '*filter\n-A INPUT -tx\nCOMMIT')

And this should use table "filter", or perhaps raise an error, but
instead sets the table to (literally) "-tfilter":

iptables -tfilter -A INPUT

Regards,
Michael Spang


-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing'), (100, 'unstable'), (10, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.24-rc6-freyr (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages iptables depends on:
ii  libc6                         2.7-5      GNU C Library: Shared libraries

iptables recommends no packages.

-- no debconf information
diff -ur old/iptables/ip6tables.c new/iptables/ip6tables.c
--- old/iptables/ip6tables.c	2007-06-24 19:26:35.000000000 -0400
+++ new/iptables/ip6tables.c	2007-12-28 01:31:34.000000000 -0500
@@ -2160,7 +2160,7 @@
 			if (invert)
 				exit_error(PARAMETER_PROBLEM,
 					   "unexpected ! flag before --table");
-			*table = argv[optind-1];
+			*table = optarg;
 			break;
 
 		case 'x':
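Review bot: the switch around `*table = optarg;` should be audited for other cases that still read `argv[optind-1]`, since only the `-t` case is visible here. `argv[optind-1]` is the whole token when the argument is attached (`-tfilter`), which is how the table name became "-tfilter" in the report. If any other option with a required argument uses the same idiom, it mis-parses the attached form in the same way and should be switched to `optarg` in this patch.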
diff -ur old/iptables/ip6tables-restore.c new/iptables/ip6tables-restore.c
--- old/iptables/ip6tables-restore.c	2007-05-22 13:11:40.000000000 -0400
+++ new/iptables/ip6tables-restore.c	2007-12-28 01:35:10.000000000 -0500
@@ -383,7 +383,7 @@
 					*(param_buffer+param_len) = '\0';
 
 					/* check if table name specified */
-					if (!strncmp(param_buffer, "-t", 3)
+					if (!strncmp(param_buffer, "-t", 2)
                                             || !strncmp(param_buffer, "--table", 8)) {
 						exit_error(PARAMETER_PROBLEM, 
 						   "Line %u seems to have a "
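Review bot: the `--table` comparison on the line after the changed one still uses length 8, so it only matches a token that is exactly `--table`. The `-t` side is now a prefix match, but a token of the form `--table=name` has `=` where the terminating NUL is expected and is not rejected by this check. Consider comparing 7 characters and then requiring the next character to be either NUL or `=`, so that both long-option spellings are refused before the line reaches do_command.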
diff -ur old/iptables/iptables.c new/iptables/iptables.c
--- old/iptables/iptables.c	2007-04-29 19:03:30.000000000 -0400
+++ new/iptables/iptables.c	2007-12-28 02:08:11.000000000 -0500
@@ -2249,7 +2249,7 @@
 			if (invert)
 				exit_error(PARAMETER_PROBLEM,
 					   "unexpected ! flag before --table");
-			*table = argv[optind-1];
+			*table = optarg;
 			break;
 
 		case 'x':
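Review bot: `*table = optarg;` would benefit from a one-line comment saying that `optarg` is used so the attached form (`-tNAME`) yields the bare table name. The identical change is made in ip6tables.c, and without a comment the two copies are easy to let drift apart or to revert to the `argv[optind-1]` idiom later. A regression test covering `-tfilter` alongside `-t filter` would pin the behaviour for both binaries.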
diff -ur old/iptables/iptables-restore.c new/iptables/iptables-restore.c
--- old/iptables/iptables-restore.c	2007-05-22 13:11:40.000000000 -0400
+++ new/iptables/iptables-restore.c	2007-12-28 01:20:00.000000000 -0500
@@ -386,7 +386,7 @@
 					param_buffer[param_len] = '\0';
 
 					/* check if table name specified */
-					if (!strncmp(param_buffer, "-t", 3)
+					if (!strncmp(param_buffer, "-t", 2)
                                             || !strncmp(param_buffer, "--table", 8)) {
 						exit_error(PARAMETER_PROBLEM, 
 						   "Line %u seems to have a "
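Review bot: with the length reduced to 2, `strncmp(param_buffer, "-t", 2)` rejects every token that begins with `-t`, not just `-t` and `-tNAME`. A parameter value that merely starts with those two characters now triggers the "seems to have a" table error as well. That is probably acceptable as a conservative check in a restore file, but the comment `/* check if table name specified */` should say the match is a prefix match on purpose. The buffer termination is also written as `param_buffer[param_len]` here and `*(param_buffer+param_len)` in ip6tables-restore.c; unifying the two would make future fixes easier to apply to both files.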
