laurenceman / rpms / iptables

Forked from rpms/iptables 5 years ago
Clone
Blob Blame History Raw
From 1d8efdc3ce231f08b57ee5eb5d784ccb5867c69b Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Tue, 5 Feb 2019 17:01:42 +0100
Subject: [PATCH] xshared: Explicitly pass target to command_jump()

The use of global 'optarg' variable inside that function is a mess, but
most importantly it limits its applicability to input parsers. Fix this
by having it take the option argument as a parameter.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
(cherry picked from commit 932d5c3fb94acc499c8a6264e354ab1e33316b72)
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
 iptables/ip6tables.c            | 2 +-
 iptables/iptables.c             | 2 +-
 iptables/xshared.c              | 4 ++--
 iptables/xshared.h              | 2 +-
 iptables/xtables-arp.c          | 2 +-
 iptables/xtables-eb-translate.c | 2 +-
 iptables/xtables-eb.c           | 2 +-
 iptables/xtables.c              | 2 +-
 8 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
index fe089de4c85d7..050afa9a36458 100644
--- a/iptables/ip6tables.c
+++ b/iptables/ip6tables.c
@@ -1441,7 +1441,7 @@ int do_command6(int argc, char *argv[], char **table,
 		case 'j':
 			set_option(&cs.options, OPT_JUMP, &cs.fw6.ipv6.invflags,
 					cs.invert);
-			command_jump(&cs);
+			command_jump(&cs, optarg);
 			break;
 
 
diff --git a/iptables/iptables.c b/iptables/iptables.c
index f8041f56ce70d..38c4bfe8ecf5c 100644
--- a/iptables/iptables.c
+++ b/iptables/iptables.c
@@ -1421,7 +1421,7 @@ int do_command4(int argc, char *argv[], char **table,
 		case 'j':
 			set_option(&cs.options, OPT_JUMP, &cs.fw.ip.invflags,
 				   cs.invert);
-			command_jump(&cs);
+			command_jump(&cs, optarg);
 			break;
 
 
diff --git a/iptables/xshared.c b/iptables/xshared.c
index b16f5fa68e569..fb186fb1ac657 100644
--- a/iptables/xshared.c
+++ b/iptables/xshared.c
@@ -653,12 +653,12 @@ const char *xt_parse_target(const char *targetname)
 	return targetname;
 }
 
-void command_jump(struct iptables_command_state *cs)
+void command_jump(struct iptables_command_state *cs, const char *jumpto)
 {
 	struct option *opts = xt_params->opts;
 	size_t size;
 
-	cs->jumpto = xt_parse_target(optarg);
+	cs->jumpto = xt_parse_target(jumpto);
 	/* TRY_LOAD (may be chain name) */
 	cs->target = xtables_find_target(cs->jumpto, XTF_TRY_LOAD);
 
diff --git a/iptables/xshared.h b/iptables/xshared.h
index db499f29236ed..fd1f96bad1b98 100644
--- a/iptables/xshared.h
+++ b/iptables/xshared.h
@@ -176,6 +176,6 @@ void print_ifaces(const char *iniface, const char *outiface, uint8_t invflags,
 
 void command_match(struct iptables_command_state *cs);
 const char *xt_parse_target(const char *targetname);
-void command_jump(struct iptables_command_state *cs);
+void command_jump(struct iptables_command_state *cs, const char *jumpto);
 
 #endif /* IPTABLES_XSHARED_H */
diff --git a/iptables/xtables-arp.c b/iptables/xtables-arp.c
index 85bcc841b21f5..4a873b15c6833 100644
--- a/iptables/xtables-arp.c
+++ b/iptables/xtables-arp.c
@@ -1161,7 +1161,7 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table,
 		case 'j':
 			set_option(&options, OPT_JUMP, &cs.arp.arp.invflags,
 				   invert);
-			command_jump(&cs);
+			command_jump(&cs, optarg);
 			break;
 
 		case 'i':
diff --git a/iptables/xtables-eb-translate.c b/iptables/xtables-eb-translate.c
index 0fe14d2d0db32..96b2730fa97ed 100644
--- a/iptables/xtables-eb-translate.c
+++ b/iptables/xtables-eb-translate.c
@@ -390,7 +390,7 @@ print_zero:
 				break;
 			} else if (c == 'j') {
 				ebt_check_option2(&flags, OPT_JUMP);
-				command_jump(&cs);
+				command_jump(&cs, optarg);
 				break;
 			} else if (c == 's') {
 				ebt_check_option2(&flags, OPT_SOURCE);
diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c
index 55cb0fe204748..21344843a365a 100644
--- a/iptables/xtables-eb.c
+++ b/iptables/xtables-eb.c
@@ -1022,7 +1022,7 @@ print_zero:
 			} else if (c == 'j') {
 				ebt_check_option2(&flags, OPT_JUMP);
 				if (strcmp(optarg, "CONTINUE") != 0) {
-					command_jump(&cs);
+					command_jump(&cs, optarg);
 				}
 				break;
 			} else if (c == 's') {
diff --git a/iptables/xtables.c b/iptables/xtables.c
index eaa9fedeb03bb..1d777554076d7 100644
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -820,7 +820,7 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
 		case 'j':
 			set_option(&cs->options, OPT_JUMP, &cs->fw.ip.invflags,
 				   cs->invert);
-			command_jump(cs);
+			command_jump(cs, optarg);
 			break;
 
 
-- 
2.20.1