bugzilla-daemon@netfilter.org
2003-Mar-17 01:06 UTC
[Bug 65] New: Problem with error message when tcp-flags doesn't recognize a flag
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=65
Summary: Problem with error message when tcp-flags doesn't
recognize a flag
Product: iptables userspace
Version: 1.2.7a
Platform: other
OS/Version: other
Status: NEW
Severity: minor
Priority: P2
Component: iptables
AssignedTo: laforge@netfilter.org
ReportedBy: androsyn@ratbox.org
CC: netfilter-buglog@lists.netfilter.org
When iptables is passed multiple tcp flags and doesn't recognize the flag,
iptables reports the previous flag, not the current one. For example pass
something like
iptables -A INPUT -p tcp --tcp-flags SYN,FIN,UGH -j DROP
Obviously the UGH is wrong, but it reports FIN as the flag it doesn't
recognize.
Here is a patch to fix the issue in both iptables and ip6tables.
Index: extensions/libip6t_tcp.c
==================================================================RCS file:
/cvspublic/netfilter/userspace/extensions/libip6t_tcp.c,v
retrieving revision 1.10
diff -u -r1.10 libip6t_tcp.c
--- extensions/libip6t_tcp.c 26 Jul 2002 16:27:57 -0000 1.10
+++ extensions/libip6t_tcp.c 17 Mar 2003 01:00:11 -0000
@@ -122,7 +122,7 @@
}
if (i == sizeof(tcp_flag_names)/sizeof(struct tcp_flag_names))
exit_error(PARAMETER_PROBLEM,
- "Unknown TCP flag `%s'", buffer);
+ "Unknown TCP flag `%s'", ptr);
}
free(buffer);
Index: extensions/libipt_tcp.c
==================================================================RCS file:
/cvspublic/netfilter/userspace/extensions/libipt_tcp.c,v
retrieving revision 1.14
diff -u -r1.14 libipt_tcp.c
--- extensions/libipt_tcp.c 26 Jul 2002 16:27:57 -0000 1.14
+++ extensions/libipt_tcp.c 17 Mar 2003 01:00:11 -0000
@@ -122,7 +122,7 @@
}
if (i == sizeof(tcp_flag_names)/sizeof(struct tcp_flag_names))
exit_error(PARAMETER_PROBLEM,
- "Unknown TCP flag `%s'", buffer);
+ "Unknown TCP flag `%s'", ptr);
}
free(buffer);
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
Seemingly Similar Threads
- [Bug 65] Problem with error message when tcp-flags doesn't recognize a flag
- [Bug 437] New: restore can segfaults when restoring corrupt policy counters
- [Bug 545] New: Array subscript is above array bounds
- [ANNOUNCE] netfilter/iptables Anonymous CVS has been moved
- [Bug 825] New: broken led-delay parameter in the LED extension
Wisdom of the Ancients
