[PATCH] iptables-save: Exit with error if unable to open proc file


 



I sent this before without being subscribed, but it doesn't seem to
have reached the archives so now retrying while subscribed.

If you're not root, iptables-save fails silently: nothing is printed to
stderr and the exit code does not indicate an error. This patch fixes that.
--


Author: Thomas Habets <habets@xxxxxxxxxx>
Date:   Tue Jan 17 14:22:25 2017 +0000

    iptables-save: Exit with error if unable to open proc file

diff --git a/iptables/ip6tables-save.c b/iptables/ip6tables-save.c
index f35e921..5097406 100644
--- a/iptables/ip6tables-save.c
+++ b/iptables/ip6tables-save.c
@@ -35,10 +35,16 @@ static int for_each_table(int (*func)(const char
*tablename))
        int ret = 1;
        FILE *procfile = NULL;
        char tablename[XT_TABLE_MAXNAMELEN+1];
+       const char *filename = "/proc/net/ip6_tables_names";

-       procfile = fopen("/proc/net/ip6_tables_names", "re");
-       if (!procfile)
-               return ret;
+       procfile = fopen(filename, "re");
+       if (!procfile) {
+               if (errno == ENOENT) {
+                       return ret;
+               }
+               fprintf(stderr, "Failed to list table names in %s:
%s\n", filename, strerror(errno));
+               exit(1);
+       }

        while (fgets(tablename, sizeof(tablename), procfile)) {
                if (tablename[strlen(tablename) - 1] != '\n')
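Review bot: The `errno == ENOENT` branch still returns `ret` without printing anything, so a missing proc file cannot be told apart from an empty ruleset; `ret` is initialised to 1, which looks like the success value because the old code returned it for every fopen failure. ENOENT is expected when the ip6_tables module is not loaded, but it would presumably also occur where /proc is not mounted (a chroot or minimal container), and a backup job would then store an empty dump with a clean exit. At minimum, document the intent above the branch, e.g. `/* ENOENT: ip6_tables not loaded, so there are no tables to save */`. The same applies to the identical hunk in iptables/iptables-save.c. for_each_table's body continues outside the hunk, so how the return value reaches the exit status is not visible here.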
diff --git a/iptables/iptables-save.c b/iptables/iptables-save.c
index 238f368..47d5378 100644
--- a/iptables/iptables-save.c
+++ b/iptables/iptables-save.c
@@ -33,10 +33,16 @@ static int for_each_table(int (*func)(const char
*tablename))
        int ret = 1;
        FILE *procfile = NULL;
        char tablename[XT_TABLE_MAXNAMELEN+1];
+       const char *filename = "/proc/net/ip_tables_names";

-       procfile = fopen("/proc/net/ip_tables_names", "re");
-       if (!procfile)
-               return ret;
+       procfile = fopen(filename, "re");
+       if (!procfile) {
+               if (errno == ENOENT) {
+                       return ret;
+               }
+               fprintf(stderr, "Failed to list table names in %s:
%s\n", filename, strerror(errno));
+               exit(1);
+       }

        while (fgets(tablename, sizeof(tablename), procfile)) {
                if (tablename[strlen(tablename) - 1] != '\n')

-- 
typedef struct me_s {
 char name[]      = { "Thomas Habets" };
 char email[]     = { "thomas@xxxxxxxxx" };
 char kernel[]    = { "Linux" };
 char *pgpKey[]   = { "http://www.habets.pp.se/pubkey.txt"; };
 char pgp[] = { "9907 8698 8A24 F52F 1C2E  87F6 39A4 9EEA 460A 0169" };
 char coolcmd[]   = { "echo '. ./_&. ./_'>_;. ./_" };
} me_t;