[PATCH] iptables: iptables-xml segfault if missing -A

As pointed out by Bernhard Reutner-Fischer, a malformed line fed to
iptables-xml such as the below with a missing space after the -A:

	-APOSTROUTING -d 1.1.1.1/32 -p tcp -j MASQUERADE

causes a segfault.  Patch attached.

This closes netfilter bugzilla #886.

Signed-off-by: Phil Oester <kernel@xxxxxxxxxxxx>


diff --git a/iptables/iptables-xml.c b/iptables/iptables-xml.c
index 9628447..c7615ab 100644
--- a/iptables/iptables-xml.c
+++ b/iptables/iptables-xml.c
@@ -845,6 +845,11 @@ iptables_xml_main(int argc, char *argv[])
 			for (a = 0; a < newargc; a++)
 				DEBUGP("argv[%u]: %s\n", a, newargv[a]);
 
+			if (!chain) {
+				fprintf(stderr, "%s: line %u failed - no chain found\n",
+					prog_name, line);
+				exit(1);
+			}
 			needChain(chain);// Should we explicitly look for -A
 			do_rule(pcnt, bcnt, newargc, newargv, newargvattr);
 
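Review bot: The new `if (!chain)` test ahead of `needChain(chain)` only helps if `chain` is NULL whenever the current line supplied no chain, and the hunk does not show where `chain` is assigned or cleared. Please confirm it is reset for every input line. Otherwise a malformed `-APOSTROUTING ...` line that follows a valid `-A` rule would pass this check and be filed under the previous line's chain. The trailing comment on the `needChain(chain)` line ("Should we explicitly look for -A") still asks the question this check partly answers, so either update it or drop it. The message "no chain found" would also be easier to act on if it said what was expected, for example that the rule must start with `-A <chain>`.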
