'nother pull request

'nother pull request

[Jan Engelhardt]

And pull again (wasnot sure if you had seen the patches already),
to receive some bugfixes I cooked in response
to ljlane's request to peek at Debian bugs.

Jan Engelhardt (3):
      libxtables: use const for vars holding literals
      libxt_string: fix undefined behavior/incorrect patlen calculation
      libxtables: flush before fork

 extensions/libxt_string.c |    4 +++-
 include/xtables.h.in      |    3 +--
 xtables.c                 |    6 ++++++
 3 files changed, 10 insertions(+), 3 deletions(-)

[PATCH 1/3] libxtables: use const for vars holding literals

[Jan Engelhardt]

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 include/xtables.h.in |    3 +--
 1 files changed, 1 insertions(+), 2 deletions(-)

diff --git a/include/xtables.h.in b/include/xtables.h.in
index 6712aac..ae1594a 100644
--- a/include/xtables.h.in
+++ b/include/xtables.h.in
@@ -186,8 +186,7 @@ enum xtables_exittype {
 struct xtables_globals
 {
 	unsigned int option_offset;
-	char *program_version;
-	char *program_name;
+	const char *program_name, *program_version;
 	struct option *opts;
 	void (*exit_err)(enum xtables_exittype status, const char *msg, ...) __attribute__((noreturn, format(printf,2,3)));
 };
-- 
1.6.1.2

[PATCH 2/3] libxt_string: fix undefined behavior/incorrect patlen calculation

[Jan Engelhardt]

strlen ran over the end of the string. Use strnlen to bound it.

Reference: http://bugs.debian.org/513516
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 extensions/libxt_string.c |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/extensions/libxt_string.c b/extensions/libxt_string.c
index 6bd27c0..aa52fa8 100644
--- a/extensions/libxt_string.c
+++ b/extensions/libxt_string.c
@@ -20,6 +20,7 @@
  *             updated to work with slightly modified
  *             ipt_string_info.
  */
+#define _GNU_SOURCE 1
 #include <stdio.h>
 #include <netdb.h>
 #include <string.h>
@@ -207,7 +208,8 @@ string_parse(int c, char **argv, int invert, unsigned int *flags,
 			else
 				stringinfo->u.v1.flags |= XT_STRING_FLAG_INVERT;
 		}
-		stringinfo->patlen=strlen((char *)&stringinfo->pattern);
+		stringinfo->patlen = strnlen((char *)&stringinfo->pattern,
+			sizeof(stringinfo->patlen));
 		*flags |= STRING;
 		break;
 
-- 
1.6.1.2

[PATCH 3/3] libxtables: flush before fork

[Jan Engelhardt]

Reference: http://bugs.debian.org/514869
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 xtables.c |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/xtables.c b/xtables.c
index 02bfc17..d85e639 100644
--- a/xtables.c
+++ b/xtables.c
@@ -272,6 +272,12 @@ int xtables_insmod(const char *modname, const char *modprobe, bool quiet)
 		modprobe = buf;
 	}
 
+	/*
+	 * Need to flush the buffer, or the child may output it again
+	 * when switching the program thru execv.
+	 */
+	fflush(stdout);
+
 	switch (fork()) {
 	case 0:
 		argv[0] = (char *)modprobe;
-- 
1.6.1.2

Re: 'nother pull request

[Patrick McHardy]

Jan Engelhardt wrote:
> And pull again (wasnot sure if you had seen the patches already),
> to receive some bugfixes I cooked in response
> to ljlane's request to peek at Debian bugs.
> 
> Jan Engelhardt (3):
>       libxtables: use const for vars holding literals
>       libxt_string: fix undefined behavior/incorrect patlen calculation
>       libxtables: flush before fork
> 
>  extensions/libxt_string.c |    4 +++-
>  include/xtables.h.in      |    3 +--
>  xtables.c                 |    6 ++++++
>  3 files changed, 10 insertions(+), 3 deletions(-)

Also pulled and pushed out, thanks.