Merged update from upstream sources
This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/iptables.git#648ffbc31613acd9f9015892c0820df9be00cb89
parent 78e6451c8f
commit b95090f5f5
51
0001-ebtables-Exit-gracefully-on-invalid-table-names.patch
Normal file
@ -0,0 +1,51 @@
From 30c1d443896311e69762d6b51b63908ec602574f Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Thu, 28 Jan 2021 01:09:56 +0100
Subject: [PATCH] ebtables: Exit gracefully on invalid table names
Users are able to cause program abort by passing a table name that
doesn't exist:
| # ebtables-nft -t dummy -P INPUT ACCEPT
| ebtables: nft-cache.c:455: fetch_chain_cache: Assertion `t' failed.
| Aborted
Avoid this by checking table existence just like iptables-nft does upon
parsing '-t' optarg. Since the list of tables is known and fixed,
checking the given name's length is pointless. So just drop that check
in return.
With this patch in place, output looks much better:
| # ebtables-nft -t dummy -P INPUT ACCEPT
| ebtables v1.8.7 (nf_tables): table 'dummy' does not exist
| Perhaps iptables or your kernel needs to be upgraded.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
iptables/xtables-eb.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c
index cfa9317c78e94..5bb34d6d292a9 100644
--- a/iptables/xtables-eb.c
+++ b/iptables/xtables-eb.c
@@ -914,10 +914,10 @@ print_zero:
xtables_error(PARAMETER_PROBLEM,
"The -t option (seen in line %u) cannot be used in %s.\n",
line, xt_params->program_name);
- if (strlen(optarg) > EBT_TABLE_MAXNAMELEN - 1)
- xtables_error(PARAMETER_PROBLEM,
- "Table name length cannot exceed %d characters",
- EBT_TABLE_MAXNAMELEN - 1);
+ if (!nft_table_builtin_find(h, optarg))
+ xtables_error(VERSION_PROBLEM,
+ "table '%s' does not exist",
+ optarg);
*table = optarg;
table_set = true;
break;
--
2.28.0
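Review bot: In the -t handling of iptables/xtables-eb.c, a failed nft_table_builtin_find(h, optarg) lookup is reported as VERSION_PROBLEM, so a mistyped table name produces the hint "Perhaps iptables or your kernel needs to be upgraded." shown in the commit message. Since the message itself says the list of tables is known and fixed, PARAMETER_PROBLEM would describe the failure more accurately; if VERSION_PROBLEM is kept to match iptables-nft, a short comment saying so would help. The diffstat lists one changed file, so the user-reachable abort from "ebtables-nft -t dummy -P INPUT ACCEPT" gets no regression test; adding that invocation with its expected error output would keep the assertion from becoming reachable again.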
@ -19,7 +19,7 @@ Name: iptables
Summary: Tools for managing Linux kernel packet filtering capabilities
URL: http://www.netfilter.org/projects/iptables
Version: 1.8.7
Release: 1%{?dist}
Release: 3%{?dist}
Source: %{url}/files/%{name}-%{version}.tar.bz2
Source1: iptables.init
Source2: iptables-config
@ -32,6 +32,8 @@ Source7: %{url}/files/%{name}-%{version_old}.tar.bz2
Source8: 0002-extensions-format-security-fixes-in-libip-6-t_icmp.patch
%endif
Patch1: 0001-ebtables-Exit-gracefully-on-invalid-table-names.patch
# pf.os: ISC license
# iptables-apply: Artistic Licence 2.0
License: GPLv2 and Artistic Licence 2.0 and ISC
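Review bot: Patch1 is declared in this hunk, but none of the spec hunks shown touches %prep, so the diff alone does not show that 0001-ebtables-Exit-gracefully-on-invalid-table-names.patch is applied at build time. Confirm that %prep applies numbered patches automatically, or add the corresponding apply step; otherwise the 1.8.7-3 changelog entry would describe a fix the built package does not contain.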
@ -443,6 +445,12 @@ fi
%changelog
* Thu Jan 28 2021 Phil Sutter <psutter@redhat.com> - 1.8.7-3
- ebtables: Exit gracefully on invalid table names
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Sat Jan 16 2021 Kevin Fenzi <kevin@scrye.com> - 1.8.7-1
- Update to 1.8.7. Fixes rhbz#1916948
@ -21,7 +21,7 @@
roles:
- role: standard-test-rhts
tests:
- backport-iptables-add-libxt-cgroup-frontend
# - backport-iptables-add-libxt-cgroup-frontend
- initscript-sanity
- ip6tables-do-not-accept-dst-or-src-direction-on-ip6sets
- ip6tables-service-does-not-allow-dhcpv6-client-by
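Review bot: The tests list disables backport-iptables-add-libxt-cgroup-frontend by commenting it out, and neither the commit description nor the changelog says why. Add a comment next to the entry giving the reason and the condition for re-enabling it, or drop the line outright, so the loss of coverage is tracked rather than silent.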