From: Stig Thormodsrud <stig@vyatta.com>
To: Jan Engelhardt <jengelh@medozas.de>
Cc: pablo@netfilter.org, kaber@trash.net, netfilter-devel@vger.kernel.org
Subject: Re: [PATCH 2/4] iptables: limit chain name length to be consistent with targets
Date: Wed, 15 Sep 2010 17:29:12 -0700
Message-ID: <4C9164D8.2060307@vyatta.com>
In-Reply-To: <1284576828-32412-3-git-send-email-jengelh@medozas.de>

On 09/15/2010 11:53 AM, Jan Engelhardt wrote:
> Creation of chain names longer than the ones being able to jump to
> should be inhibited for consistency.
> 
> References: http://marc.info/?l=netfilter-devel&m=128397022618316&w=2
> Cc: Stig Thormodsrud <stig@vyatta.com>
> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
> ---
>  ip6tables.c |    6 +++---
>  iptables.c  |    6 +++---
>  2 files changed, 6 insertions(+), 6 deletions(-)
> 
> diff --git a/ip6tables.c b/ip6tables.c
> index 6c5d124..15067da 100644
> --- a/ip6tables.c
> +++ b/ip6tables.c
> @@ -1838,10 +1838,10 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
>  
>  	generic_opt_check(command, options);
>  
> -	if (chain && strlen(chain) > IP6T_FUNCTION_MAXNAMELEN)
> +	if (chain != NULL && strlen(chain) >= XT_EXTENSION_MAXNAMELEN)
>  		xtables_error(PARAMETER_PROBLEM,
> -			   "chain name `%s' too long (must be under %i chars)",
> -			   chain, IP6T_FUNCTION_MAXNAMELEN);
> +			   "chain name `%s' too long (must be under %u chars)",
> +			   chain, XT_EXTENSION_MAXNAMELEN);
>  
>  	/* only allocate handle if we weren't called with a handle */
>  	if (!*handle)
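
Review bot: the new test on the `strlen(chain) >= XT_EXTENSION_MAXNAMELEN` line changes the comparison operator and the constant in the same step, so a name that passed the old `> IP6T_FUNCTION_MAXNAMELEN` test can now be rejected, and the commit message only says "for consistency". Please state the resulting maximum chain name length in the commit message so that callers who validate against the old limit know to adjust. The format specifier also moves from `%i` to `%u`; the hunk does not show the type of XT_EXTENSION_MAXNAMELEN, so it is worth confirming that it is an unsigned expression, since `%i` is the matching specifier for a plain integer constant.
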
> diff --git a/iptables.c b/iptables.c
> index 19f6d4f..840dd3e 100644
> --- a/iptables.c
> +++ b/iptables.c
> @@ -1876,10 +1876,10 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
>  
>  	generic_opt_check(command, options);
>  
> -	if (chain && strlen(chain) > IPT_FUNCTION_MAXNAMELEN)
> +	if (chain != NULL && strlen(chain) >= XT_EXTENSION_MAXNAMELEN)
>  		xtables_error(PARAMETER_PROBLEM,
> -			   "chain name `%s' too long (must be under %i chars)",
> -			   chain, IPT_FUNCTION_MAXNAMELEN);
> +			   "chain name `%s' too long (must be under %u chars)",
> +			   chain, XT_EXTENSION_MAXNAMELEN);
>  
>  	/* only allocate handle if we weren't called with a handle */
>  	if (!*handle)
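
Review bot: the check and error string added here in do_command() are now a line-for-line copy of the ones in do_command6(), down to the same XT_EXTENSION_MAXNAMELEN constant, so nothing family-specific is left in either copy. Consider moving the test into one shared helper that both functions call, so the limit and the wording of the message cannot drift apart again. A short comment above the test saying that the chain limit is tied to the extension name length because a chain has to be usable as a jump target would also explain why a chain name is measured against an extension constant.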

Thanks for the fix.  I guess my original question was if the change in
max name length from 29 to 28 characters was intentional or required by
some other data structure change?

iptables -t filter --new-chain A234567890123456789012345678901
iptables v1.4.4: chain name `A234567890123456789012345678901' too long
(must be under 30 chars)


iptables -t filter --new-chain A234567890123456789012345678901
iptables v1.4.9: chain name `A234567890123456789012345678901' too long
(must be under 29 chars)


I know you're probably thinking it's just 1 character who cares, but we
have checks for that max in a lot of places and our log tag is based on
the chain name and the log tag has a max size and blah blah...




Thread overview: 8+ messages
2010-09-15 18:53 pull: misc nf bugfixes Jan Engelhardt
2010-09-15 18:53 ` [PATCH 1/4] iptables-xml: resolve compiler warnings Jan Engelhardt
2010-09-15 18:53 ` [PATCH 2/4] iptables: limit chain name length to be consistent with targets Jan Engelhardt
2010-09-16  0:29   ` Stig Thormodsrud [this message]
2010-09-16  9:45     ` Jan Engelhardt
2010-09-15 18:53 ` [PATCH 3/4] libiptc: build with -Wl,--no-as-needed Jan Engelhardt
2010-09-15 18:53 ` [PATCH 4/4] libiptc: add Libs.private to pkgconfig files Jan Engelhardt
2010-09-15 19:26 ` pull: misc nf bugfixes Patrick McHardy
