ip{,6}tables-save misleading return code

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* ip{,6}tables-save misleading return code
@ 2013-10-14 20:38 mancha
  2013-10-17  8:39 ` Pablo Neira Ayuso
  0 siblings, 1 reply; 3+ messages in thread
From: mancha @ 2013-10-14 20:38 UTC (permalink / raw)
  To: netfilter-devel

Hello, this came up on freenode's #netfilter today.

ip{,6}tables-save(8), when run as an unprivileged user (who
doesn't have access to /proc/net/ip{,6}_tables_names), displays
no output and returns 0 because of a Boolean inversion.

luser@myhost:~$ iptables-save; echo $? 
0

The patch below changes the return to 1 if fopen() fails.
Additionally, one could add "if (errno == EACCESS)" conditioned
error messages.

--mancha

--- a/iptables/iptables-save.c  2013-10-14
+++ b/iptables/iptables-save.c  2013-10-14
@@ -40,7 +40,7 @@ static int for_each_table(int (*func)(co

        procfile = fopen("/proc/net/ip_tables_names", "re");
        if (!procfile)
-               return ret;
+               return 0;

        while (fgets(tablename, sizeof(tablename), procfile)) {
                if (tablename[strlen(tablename) - 1] != '\n')
--- a/iptables/ip6tables-save.c 2013-10-14
+++ b/iptables/ip6tables-save.c 2013-10-14
@@ -42,7 +42,7 @@ static int for_each_table(int (*func)(co

        procfile = fopen("/proc/net/ip6_tables_names", "re");
        if (!procfile)
-               return ret;
+               return 0;

        while (fgets(tablename, sizeof(tablename), procfile)) {
                if (tablename[strlen(tablename) - 1] != '\n')


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: ip{,6}tables-save misleading return code
  2013-10-14 20:38 ip{,6}tables-save misleading return code mancha
@ 2013-10-17  8:39 ` Pablo Neira Ayuso
  2013-10-17 18:10   ` mancha
  0 siblings, 1 reply; 3+ messages in thread
From: Pablo Neira Ayuso @ 2013-10-17  8:39 UTC (permalink / raw)
  To: mancha; +Cc: netfilter-devel

Hi,

On Mon, Oct 14, 2013 at 08:38:16PM +0000, mancha wrote:
> Hello, this came up on freenode's #netfilter today.
> 
> ip{,6}tables-save(8), when run as an unprivileged user (who
> doesn't have access to /proc/net/ip{,6}_tables_names), displays
> no output and returns 0 because of a Boolean inversion.
> 
> luser@myhost:~$ iptables-save; echo $? 
> 0
> 
> The patch below changes the return to 1 if fopen() fails.
> Additionally, one could add "if (errno == EACCESS)" conditioned
> error messages.

Need your Signed-off-by tag / full name to take this patch, please,
let me know. No need to resend, I'll amend it. Thanks.

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: ip{,6}tables-save misleading return code
  2013-10-17  8:39 ` Pablo Neira Ayuso
@ 2013-10-17 18:10   ` mancha
  0 siblings, 0 replies; 3+ messages in thread
From: mancha @ 2013-10-17 18:10 UTC (permalink / raw)
  To: netfilter-devel

Pablo Neira Ayuso <pablo <at> netfilter.org> writes:
> 
> Need your Signed-off-by tag / full name to take this patch, please,
> let me know. No need to resend, I'll amend it. Thanks.

Hi. Thank you for your email.

As for attribution, my Signed-off-by tag is "mancha". I didn't mean to
add more work for you. In the future I'll submit using git format-patch.

Thanks!

--mancha




^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2013-10-17 21:30 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-10-14 20:38 ip{,6}tables-save misleading return code mancha
2013-10-17  8:39 ` Pablo Neira Ayuso
2013-10-17 18:10   ` mancha

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).