From a2911408959d7e86bc4bad4f1be2551a19ad125c Mon Sep 17 00:00:00 2001
From: Phil Sutter
Date: Tue, 9 Apr 2024 13:18:12 +0200
Subject: xshared: Fix parsing of empty string arg in '-c' option

Calling iptables with '-c ""' resulted in a call to strchr() with an invalid pointer as 'optarg + 1' points to past the buffer. The most simple fix is to drop the offset: The global optstring part specifies a single colon after 'c', so getopt() enforces a valid pointer in optarg. If it contains a comma at first position, packet counter value parsing will fail so all cases are covered.

Reported-by: gorbanev.es@gmail.com
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1741
Fixes: 60a6073690a45 ("Make --set-counters (-c) accept comma separated counters")
Signed-off-by: Phil Sutter
Conflict:iptables/xshared.c => iptables/ip6tables.c,iptables/iptables.c,iptables/xtables.c;Because the higher version has do_parse as a public function and resolves by calling do_parse
Reference:https://git.netfilter.org/iptables/commit/?id=a2911408959d7e86bc4bad4f1be2551a19ad125c
---
 extensions/iptables.t | 5 +++++
 iptables/ip6tables.c | 2 +-
 iptables/iptables.c | 2 +-
 iptables/xtables.c | 2 +-
 4 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/extensions/iptables.t b/extensions/iptables.t
index b4b6d67..5d6d3d1 100644
--- a/extensions/iptables.t
+++ b/extensions/iptables.t
@@ -4,3 +4,8 @@
 -i eth+ -o alongifacename+;=;OK
 ! -i eth0;=;OK
 ! -o eth+;=;OK
+-c "";;FAIL
+-c ,3;;FAIL
+-c 3,;;FAIL
+-c ,;;FAIL
+-c 2,3 -j ACCEPT;-j ACCEPT;OK
diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
index 9ada9d7..c271442 100644
--- a/iptables/ip6tables.c
+++ b/iptables/ip6tables.c
@@ -1425,7 +1425,7 @@ int do_command6(int argc, char *argv[], char **table,
 set_option(&cs.options, OPT_COUNTERS, &cs.fw6.ipv6.invflags,
 cs.invert);
 pcnt = optarg;
- bcnt = strchr(pcnt + 1, ',');
+ bcnt = strchr(pcnt, ',');
 if (bcnt)
 bcnt++;
 if (!bcnt && xs_has_arg(argc, argv))
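Review bot: The five added `-c` cases leave two paths of the patched code unchecked, as far as this patch shows. Every case passes the counters as a single argument, so the branch guarded by `if (!bcnt && xs_has_arg(argc, argv))` is never reached with an empty packet counter; a case such as `-c "" 3;;FAIL` would pin that (the expected result is inferred from the commit message, so confirm it against the counter parser). The same one-line change also lands in `do_command6()` in iptables/ip6tables.c, and nothing in the diffstat adds an equivalent case for the IPv6 front end.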
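Review bot: The reason `strchr()` now starts at `pcnt` instead of `pcnt + 1` is recorded only in the commit message, so a later cleanup could reintroduce the offset and with it the read past the terminator of an empty `optarg`. A comment above the call would keep the invariant next to the code, for example `/* optarg is non-NULL ('c:' in optstring) but may be ""; search from its first byte */`. The same comment applies to the identical lines in `do_command4()` (iptables/iptables.c) and `do_parse()` (iptables/xtables.c). Rejecting a leading comma such as `-c ,3` now depends entirely on the packet-counter parsing further down this `case`, which is outside the hunk, so that parser has to keep treating an empty counter string as an error. Because this backport carries the block in three files rather than one, any future change here has to be applied to all three copies.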
diff --git a/iptables/iptables.c b/iptables/iptables.c
index 4a3c7ef..9a61f8b 100644
--- a/iptables/iptables.c
+++ b/iptables/iptables.c
@@ -1416,7 +1416,7 @@ int do_command4(int argc, char *argv[], char **table,
 set_option(&cs.options, OPT_COUNTERS, &cs.fw.ip.invflags,
 cs.invert);
 pcnt = optarg;
- bcnt = strchr(pcnt + 1, ',');
+ bcnt = strchr(pcnt, ',');
 if (bcnt)
 bcnt++;
 if (!bcnt && xs_has_arg(argc, argv))
diff --git a/iptables/xtables.c b/iptables/xtables.c
index a16bba7..dd3410d 100644
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -812,7 +812,7 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
 set_option(&cs->options, OPT_COUNTERS, &args->invflags,
 cs->invert);
 args->pcnt = optarg;
- args->bcnt = strchr(args->pcnt + 1, ',');
+ args->bcnt = strchr(args->pcnt, ',');
 if (args->bcnt)
 args->bcnt++;
 if (!args->bcnt && xs_has_arg(argc, argv))
--
2.33.0