From: Jan Engelhardt <jengelh@medozas.de>
To: kaber@trash.net
Cc: netfilter-devel@vger.kernel.org, hadi@cyberus.ca
Subject: [PATCH 6/6] libxt_policy: use bounded strtoui
Date: Sat, 21 Feb 2009 04:18:04 +0100 [thread overview]
Message-ID: <1235186284-31661-7-git-send-email-jengelh@medozas.de> (raw)
In-Reply-To: <1235186284-31661-1-git-send-email-jengelh@medozas.de>
reqid and SPI can only have a value in the range 0..UINT32_MAX, not
the entire range of the "long" type. Also throw an error if the
incoming string does not look like a pure number.
"Replaces" commit 6db2ded2f22a7e78743c86af523b8430876582e9.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
extensions/libip6t_policy.c | 10 +++++++---
extensions/libipt_policy.c | 10 +++++++---
2 files changed, 14 insertions(+), 6 deletions(-)
diff --git a/extensions/libip6t_policy.c b/extensions/libip6t_policy.c
index 0016da2..5106c28 100644
--- a/extensions/libip6t_policy.c
+++ b/extensions/libip6t_policy.c
@@ -156,7 +156,7 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags,
struct ip6t_policy_info *info = (void *)(*match)->data;
struct ip6t_policy_elem *e = &info->pol[info->len];
struct in6_addr *addr = NULL, mask;
- unsigned int naddr = 0;
+ unsigned int naddr = 0, num;
int mode;
xtables_check_inverse(optarg, &invert, &optind, 0);
@@ -197,7 +197,9 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags,
e->match.reqid = 1;
e->invert.reqid = invert;
- e->reqid = strtoul(argv[optind-1], NULL, 10);
+ if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX))
+ xtables_param_act(XTF_BAD_VALUE, "policy", "--reqid", optarg);
+ e->reqid = num;
break;
case '5':
if (e->match.spi)
@@ -206,7 +208,9 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags,
e->match.spi = 1;
e->invert.spi = invert;
- e->spi = strtoul(argv[optind-1], NULL, 0x10);
+ if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX))
+ xtables_param_act(XTF_BAD_VALUE, "policy", "--spi", optarg);
+ e->spi = num;
break;
case '6':
if (e->match.saddr)
diff --git a/extensions/libipt_policy.c b/extensions/libipt_policy.c
index 1271fba..ae7282a 100644
--- a/extensions/libipt_policy.c
+++ b/extensions/libipt_policy.c
@@ -124,7 +124,7 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags,
struct ipt_policy_info *info = (void *)(*match)->data;
struct ipt_policy_elem *e = &info->pol[info->len];
struct in_addr *addr = NULL, mask;
- unsigned int naddr = 0;
+ unsigned int naddr = 0, num;
int mode;
xtables_check_inverse(optarg, &invert, &optind, 0);
@@ -165,7 +165,9 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags,
e->match.reqid = 1;
e->invert.reqid = invert;
- e->reqid = strtoul(argv[optind-1], NULL, 10);
+ if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX))
+ xtables_param_act(XTF_BAD_VALUE, "policy", "--spi", optarg);
+ e->reqid = num;
break;
case '5':
if (e->match.spi)
@@ -174,7 +176,9 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags,
e->match.spi = 1;
e->invert.spi = invert;
- e->spi = strtoul(argv[optind-1], NULL, 0x10);
+ if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX))
+ xtables_param_act(XTF_BAD_VALUE, "policy", "--spi", optarg);
+ e->spi = num;
break;
case '6':
if (e->match.saddr)
--
1.6.1.3
next prev parent reply other threads:[~2009-02-21 3:18 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-02-21 3:17 [pull] request for 20090220 Jan Engelhardt
2009-02-21 3:17 ` [PATCH 1/6] doc: resynchronize manpage with in-code help Jan Engelhardt
2009-02-21 3:18 ` [PATCH 2/6] libxtables: inline and remove unused OPTION_OFFSET macro Jan Engelhardt
2009-02-21 3:18 ` [PATCH 3/6] libxtables: prefix exit_error to xtables_error Jan Engelhardt
2009-02-21 7:37 ` Jesper Dangaard Brouer
2009-02-21 14:46 ` Jan Engelhardt
2009-02-23 16:46 ` Patrick McHardy
2009-02-23 16:53 ` Jan Engelhardt
2009-02-23 16:56 ` Patrick McHardy
2009-02-23 17:28 ` Jan Engelhardt
2009-02-27 19:16 ` Jan Engelhardt
2009-02-21 3:18 ` [PATCH 4/6] extensions: remove unwanted/add needed includes for IPv6 exts Jan Engelhardt
2009-02-21 3:18 ` [PATCH 5/6] extensions: remove unwanted/add needed includes for IPv4 exts Jan Engelhardt
2009-02-21 3:18 ` Jan Engelhardt [this message]
2009-02-21 12:54 ` [pull] request for 20090220 jamal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1235186284-31661-7-git-send-email-jengelh@medozas.de \
--to=jengelh@medozas.de \
--cc=hadi@cyberus.ca \
--cc=kaber@trash.net \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).