* ip{,6}tables-save misleading return code
@ 2013-10-14 20:38 mancha
2013-10-17 8:39 ` Pablo Neira Ayuso
0 siblings, 1 reply; 3+ messages in thread
From: mancha @ 2013-10-14 20:38 UTC (permalink / raw)
To: netfilter-devel
Hello, this came up on freenode's #netfilter today.
ip{,6}tables-save(8), when run as an unprivileged user (who
doesn't have access to /proc/net/ip{,6}_tables_names), displays
no output and returns 0 because of a Boolean inversion.
luser@myhost:~$ iptables-save; echo $?
0
The patch below changes the return to 1 if fopen() fails.
Additionally, one could add "if (errno == EACCESS)" conditioned
error messages.
--mancha
--- a/iptables/iptables-save.c 2013-10-14
+++ b/iptables/iptables-save.c 2013-10-14
@@ -40,7 +40,7 @@ static int for_each_table(int (*func)(co
procfile = fopen("/proc/net/ip_tables_names", "re");
if (!procfile)
- return ret;
+ return 0;
while (fgets(tablename, sizeof(tablename), procfile)) {
if (tablename[strlen(tablename) - 1] != '\n')
--- a/iptables/ip6tables-save.c 2013-10-14
+++ b/iptables/ip6tables-save.c 2013-10-14
@@ -42,7 +42,7 @@ static int for_each_table(int (*func)(co
procfile = fopen("/proc/net/ip6_tables_names", "re");
if (!procfile)
- return ret;
+ return 0;
while (fgets(tablename, sizeof(tablename), procfile)) {
if (tablename[strlen(tablename) - 1] != '\n')
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: ip{,6}tables-save misleading return code
2013-10-14 20:38 ip{,6}tables-save misleading return code mancha
@ 2013-10-17 8:39 ` Pablo Neira Ayuso
2013-10-17 18:10 ` mancha
0 siblings, 1 reply; 3+ messages in thread
From: Pablo Neira Ayuso @ 2013-10-17 8:39 UTC (permalink / raw)
To: mancha; +Cc: netfilter-devel
Hi,
On Mon, Oct 14, 2013 at 08:38:16PM +0000, mancha wrote:
> Hello, this came up on freenode's #netfilter today.
>
> ip{,6}tables-save(8), when run as an unprivileged user (who
> doesn't have access to /proc/net/ip{,6}_tables_names), displays
> no output and returns 0 because of a Boolean inversion.
>
> luser@myhost:~$ iptables-save; echo $?
> 0
>
> The patch below changes the return to 1 if fopen() fails.
> Additionally, one could add "if (errno == EACCESS)" conditioned
> error messages.
Need your Signed-off-by tag / full name to take this patch, please,
let me know. No need to resend, I'll amend it. Thanks.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: ip{,6}tables-save misleading return code
2013-10-17 8:39 ` Pablo Neira Ayuso
@ 2013-10-17 18:10 ` mancha
0 siblings, 0 replies; 3+ messages in thread
From: mancha @ 2013-10-17 18:10 UTC (permalink / raw)
To: netfilter-devel
Pablo Neira Ayuso <pablo <at> netfilter.org> writes:
>
> Need your Signed-off-by tag / full name to take this patch, please,
> let me know. No need to resend, I'll amend it. Thanks.
Hi. Thank you for your email.
As for attribution, my Signed-off-by tag is "mancha". I didn't mean to
add more work for you. In the future I'll submit using git format-patch.
Thanks!
--mancha
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2013-10-17 21:30 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-10-14 20:38 ip{,6}tables-save misleading return code mancha
2013-10-17 8:39 ` Pablo Neira Ayuso
2013-10-17 18:10 ` mancha
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).