From 5b36b6fa581ca958340ab8d40be646cae249eee4 Mon Sep 17 00:00:00 2001
From: Phil Sutter <psutter@redhat.com>
Date: Wed, 23 Oct 2019 12:07:39 +0200
Subject: [PATCH 2/2] xtables-restore: Unbreak *tables-restore
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1749700
Upstream Status: iptables commit 4e470fa347610
Conflicts: Downstream does not support nft-variants.
commit 4e470fa34761085144640fb561a9ad26b2cde382
Author: Phil Sutter <phil@nwl.cc>
Date: Tue Oct 22 12:25:28 2019 +0200
xtables-restore: Unbreak *tables-restore
Commit 3dc433b55bbfa ("xtables-restore: Fix --table parameter check")
installed an error check which evaluated true in all cases as all
callers of do_command callbacks pass a pointer to a table name already.
Attached test case passed as it tested error condition only.
Fix the whole mess by introducing a boolean to indicate whether a table
parameter was seen already. Extend the test case to cover positive as
well as negative behaviour and to test ebtables-restore and
ip6tables-restore as well. Also add the required checking code to the
latter since the original commit missed it.
Fixes: 3dc433b55bbfa ("xtables-restore: Fix --table parameter check")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
iptables/ip6tables.c | 6 ++++++
iptables/iptables.c | 4 +++-
2 files changed, 9 insertions(+), 1 deletion(-)
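diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
index fc2fd37cfe919..42edf7a55ec6e 100644
--- a/iptables/ip6tables.c
+++ b/iptables/ip6tables.c
@@ -1316,6 +1316,7 @@ int do_command6(int argc, char *argv[], char **table,
 struct xtables_rule_match *matchp;
 struct xtables_target *t;
 unsigned long long cnt;
+ bool table_set = false;
 
 memset(&cs, 0, sizeof(cs));
 cs.jumpto = "";
@@ -1598,7 +1599,12 @@ int do_command6(int argc, char *argv[], char **table,
 if (cs.invert)
 xtables_error(PARAMETER_PROBLEM,
 "unexpected ! flag before --table");
+ if (restore && table_set)
+ xtables_error(PARAMETER_PROBLEM,
+ "The -t option (seen in line %u) cannot be used in %s.\n",
+ line, xt_params->program_name);
 *table = optarg;
+ table_set = true;
 break;
 
 case 'x':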
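Review bot: The new guard `if (restore && table_set)` in the `case 't':` hunk only rejects a `-t` once an earlier `-t` has already been parsed in the same do_command6() call, because `table_set` starts as false on every call. That is sufficient only if the restore caller always places its own `-t <table>` ahead of the arguments taken from the rule line; that caller is not visible in this patch, so this is presumably the case but should be confirmed, since otherwise a single `-t` on a restore line would pass the check and overwrite `*table`. I would record the dependency next to the declaration, e.g. `bool table_set = false; /* restore passes its own -t first; a second one comes from the rule line */`, and the same applies to the matching hunks in iptables/iptables.c. The function body starts and ends outside both hunks.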
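diff --git a/iptables/iptables.c b/iptables/iptables.c
index d106a18949407..0ad87fd98684d 100644
--- a/iptables/iptables.c
+++ b/iptables/iptables.c
@@ -1312,6 +1312,7 @@ int do_command4(int argc, char *argv[], char **table,
 struct xtables_rule_match *matchp;
 struct xtables_target *t;
 unsigned long long cnt;
+ bool table_set = false;
 
 memset(&cs, 0, sizeof(cs));
 cs.jumpto = "";
@@ -1591,11 +1592,12 @@ int do_command4(int argc, char *argv[], char **table,
 if (cs.invert)
 xtables_error(PARAMETER_PROBLEM,
 "unexpected ! flag before --table");
- if (restore && *table)
+ if (restore && table_set)
 xtables_error(PARAMETER_PROBLEM,
 "The -t option (seen in line %u) cannot be used in %s.\n",
 line, xt_params->program_name);
 *table = optarg;
+ table_set = true;
 break;
 
 case 'x':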
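Review bot: The restore error string in the `case 't':` hunk ends in `.\n`, while the `unexpected ! flag before --table` message three lines above it has no trailing newline, so the two parameter errors are likely to print differently; dropping the `\n` would keep them consistent (the same string is newly added in iptables/ip6tables.c). `line` is formatted with `%u` and its declaration lies outside the hunk; if it is a signed `int`, the specifier should be `%d`. do_command4() starts and ends outside the hunk.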
--
2.23.0