Creationg of chain names longer than the ones being able to jump to should be inhibited for consistency. References: http://marc.info/?l=netfilter-devel&m=128397022618316&w=2 Cc: Stig Thormodsrud <stig@xxxxxxxxxx> Signed-off-by: Jan Engelhardt <jengelh@xxxxxxxxxx> --- ip6tables.c | 6 +++--- iptables.c | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/ip6tables.c b/ip6tables.c index 6c5d124..15067da 100644 --- a/ip6tables.c +++ b/ip6tables.c @@ -1838,10 +1838,10 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand generic_opt_check(command, options); - if (chain && strlen(chain) > IP6T_FUNCTION_MAXNAMELEN) + if (chain != NULL && strlen(chain) >= XT_EXTENSION_MAXNAMELEN) xtables_error(PARAMETER_PROBLEM, - "chain name `%s' too long (must be under %i chars)", - chain, IP6T_FUNCTION_MAXNAMELEN); + "chain name `%s' too long (must be under %u chars)", + chain, XT_EXTENSION_MAXNAMELEN); /* only allocate handle if we weren't called with a handle */ if (!*handle) diff --git a/iptables.c b/iptables.c index 19f6d4f..840dd3e 100644 --- a/iptables.c +++ b/iptables.c @@ -1876,10 +1876,10 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle generic_opt_check(command, options); - if (chain && strlen(chain) > IPT_FUNCTION_MAXNAMELEN) + if (chain != NULL && strlen(chain) >= XT_EXTENSION_MAXNAMELEN) xtables_error(PARAMETER_PROBLEM, - "chain name `%s' too long (must be under %i chars)", - chain, IPT_FUNCTION_MAXNAMELEN); + "chain name `%s' too long (must be under %u chars)", + chain, XT_EXTENSION_MAXNAMELEN); /* only allocate handle if we weren't called with a handle */ if (!*handle) -- 1.7.1 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
