From: Phil Sutter <phil@nwl.cc>
To: netfilter-devel@vger.kernel.org
Cc: gorbanev.es@gmail.com
Subject: [iptables PATCH] xshared: Fix parsing of empty string arg in '-c' option
Date: Tue, 9 Apr 2024 13:31:01 +0200 [thread overview]
Message-ID: <20240409113101.672-1-phil@nwl.cc> (raw)
Calling iptables with '-c ""' resulted in a call to strchr() with an
invalid pointer as 'optarg + 1' points to past the buffer. The most
simple fix is to drop the offset: The global optstring part specifies a
single colon after 'c', so getopt() enforces a valid pointer in optarg.
If it contains a comma at first position, packet counter value parsing
will fail so all cases are covered.
Reported-by: gorbanev.es@gmail.com
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1741
Fixes: 60a6073690a45 ("Make --set-counters (-c) accept comma separated counters")
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
extensions/iptables.t | 5 +++++
iptables/xshared.c | 2 +-
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/extensions/iptables.t b/extensions/iptables.t
index b4b6d677abab1..5d6d3d15cc5fd 100644
--- a/extensions/iptables.t
+++ b/extensions/iptables.t
@@ -4,3 +4,8 @@
-i eth+ -o alongifacename+;=;OK
! -i eth0;=;OK
! -o eth+;=;OK
+-c "";;FAIL
+-c ,3;;FAIL
+-c 3,;;FAIL
+-c ,;;FAIL
+-c 2,3 -j ACCEPT;-j ACCEPT;OK
diff --git a/iptables/xshared.c b/iptables/xshared.c
index b998dd75aaf05..b1997ea35f8f8 100644
--- a/iptables/xshared.c
+++ b/iptables/xshared.c
@@ -1885,7 +1885,7 @@ void do_parse(int argc, char *argv[],
set_option(p->ops, &cs->options, OPT_COUNTERS,
&args->invflags, invert);
args->pcnt = optarg;
- args->bcnt = strchr(args->pcnt + 1, ',');
+ args->bcnt = strchr(args->pcnt, ',');
if (args->bcnt)
args->bcnt++;
if (!args->bcnt && xs_has_arg(argc, argv))
--
2.43.0
next reply other threads:[~2024-04-09 11:47 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-09 11:31 Phil Sutter [this message]
2024-04-11 10:16 ` [iptables PATCH] xshared: Fix parsing of empty string arg in '-c' option Phil Sutter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240409113101.672-1-phil@nwl.cc \
--to=phil@nwl.cc \
--cc=gorbanev.es@gmail.com \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).