rpms/iptables
7
0
Fork 0
Code Issues Pull Requests Releases Activity

ebtables: Exit gracefully on invalid table names

Browse Source
This commit is contained in:
Phil Sutter 2021-01-28 14:44:50 +01:00
parent 0075af4c46
commit 648ffbc316
2 changed files with 57 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
0001-ebtables-Exit-gracefully-on-invalid-table-names.patch Normal file
View File

@ -0,0 +1,51 @@
From 30c1d443896311e69762d6b51b63908ec602574f Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Thu, 28 Jan 2021 01:09:56 +0100
Subject: [PATCH] ebtables: Exit gracefully on invalid table names
Users are able to cause program abort by passing a table name that
doesn't exist:
| # ebtables-nft -t dummy -P INPUT ACCEPT
| ebtables: nft-cache.c:455: fetch_chain_cache: Assertion `t' failed.
| Aborted
Avoid this by checking table existence just like iptables-nft does upon
parsing '-t' optarg. Since the list of tables is known and fixed,
checking the given name's length is pointless. So just drop that check
in return.
With this patch in place, output looks much better:
| # ebtables-nft -t dummy -P INPUT ACCEPT
| ebtables v1.8.7 (nf_tables): table 'dummy' does not exist
| Perhaps iptables or your kernel needs to be upgraded.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
iptables/xtables-eb.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c
index cfa9317c78e94..5bb34d6d292a9 100644
--- a/iptables/xtables-eb.c
+++ b/iptables/xtables-eb.c
@@ -914,10 +914,10 @@ print_zero:
xtables_error(PARAMETER_PROBLEM,
"The -t option (seen in line %u) cannot be used in %s.\n",
line, xt_params->program_name);
- if (strlen(optarg) > EBT_TABLE_MAXNAMELEN - 1)
- xtables_error(PARAMETER_PROBLEM,
- "Table name length cannot exceed %d characters",
- EBT_TABLE_MAXNAMELEN - 1);
+ if (!nft_table_builtin_find(h, optarg))
+ xtables_error(VERSION_PROBLEM,
+ "table '%s' does not exist",
+ optarg);
*table = optarg;
table_set = true;
break;
--
2.28.0

7
iptables.spec
View File

@ -19,7 +19,7 @@ Name: iptables
Summary: Tools for managing Linux kernel packet filtering capabilities Summary: Tools for managing Linux kernel packet filtering capabilities
URL: http://www.netfilter.org/projects/iptables URL: http://www.netfilter.org/projects/iptables
Version: 1.8.7 Version: 1.8.7
Release: 2%{?dist} Release: 3%{?dist}
Source: %{url}/files/%{name}-%{version}.tar.bz2 Source: %{url}/files/%{name}-%{version}.tar.bz2
Source1: iptables.init Source1: iptables.init
Source2: iptables-config Source2: iptables-config
@ -32,6 +32,8 @@ Source7: %{url}/files/%{name}-%{version_old}.tar.bz2
Source8: 0002-extensions-format-security-fixes-in-libip-6-t_icmp.patch Source8: 0002-extensions-format-security-fixes-in-libip-6-t_icmp.patch
%endif %endif
Patch1: 0001-ebtables-Exit-gracefully-on-invalid-table-names.patch
# pf.os: ISC license # pf.os: ISC license
# iptables-apply: Artistic Licence 2.0 # iptables-apply: Artistic Licence 2.0
License: GPLv2 and Artistic Licence 2.0 and ISC License: GPLv2 and Artistic Licence 2.0 and ISC
@ -443,6 +445,9 @@ fi
%changelog %changelog
* Thu Jan 28 2021 Phil Sutter <psutter@redhat.com> - 1.8.7-3
- ebtables: Exit gracefully on invalid table names
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.7-2 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild