[iptables PATCH 04/28] Mark fall through cases in switch() statements

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Typical covscan complaint, non-empty fall throughs should be marked as
such. There was but a single case which should break instead, namely in
libebt_log.c: It is not critical, since the next case merely asserts
'invert' being zero (which can't be as it was checked before). But while
being at it, introduce log_chk_inv() to consolidate the semantically
equal cases for the various log types.

Signed-off-by: Phil Sutter <phil@xxxxxx>
---
 extensions/libebt_log.c | 28 +++++++++++++---------------
 extensions/libxt_set.c  |  5 +++++
 iptables/nft-shared.c   |  1 +
 3 files changed, 19 insertions(+), 15 deletions(-)

diff --git a/extensions/libebt_log.c b/extensions/libebt_log.c
index a86bdebaaae0a..8858cf0e22c00 100644
--- a/extensions/libebt_log.c
+++ b/extensions/libebt_log.c
@@ -92,6 +92,14 @@ static void brlog_init(struct xt_entry_target *t)
 	loginfo->loglevel = LOG_NOTICE;
 }
 
+static unsigned int log_chk_inv(int inv, unsigned int bit, const char *suffix)
+{
+	if (inv)
+		xtables_error(PARAMETER_PROBLEM,
+			      "Unexpected `!' after --log%s", suffix);
+	return bit;
+}
+
 static int brlog_parse(int c, char **argv, int invert, unsigned int *flags,
 		       const void *entry, struct xt_entry_target **target)
 {
@@ -125,26 +133,16 @@ static int brlog_parse(int c, char **argv, int invert, unsigned int *flags,
 				      "Problem with the log-level");
 		break;
 	case LOG_IP:
-		if (invert)
-			xtables_error(PARAMETER_PROBLEM,
-				      "Unexpected `!' after --log-ip");
-		loginfo->bitmask |= EBT_LOG_IP;
+		loginfo->bitmask |= log_chk_inv(invert, EBT_LOG_IP, "-ip");
 		break;
 	case LOG_ARP:
-		if (invert)
-			xtables_error(PARAMETER_PROBLEM,
-				      "Unexpected `!' after --log-arp");
-		loginfo->bitmask |= EBT_LOG_ARP;
+		loginfo->bitmask |= log_chk_inv(invert, EBT_LOG_ARP, "-arp");
+		break;
 	case LOG_LOG:
-		if (invert)
-			xtables_error(PARAMETER_PROBLEM,
-				      "Unexpected `!' after --log");
+		loginfo->bitmask |= log_chk_inv(invert, 0, "");
 		break;
 	case LOG_IP6:
-		if (invert)
-			xtables_error(PARAMETER_PROBLEM,
-				      "Unexpected `!' after --log-ip6");
-		loginfo->bitmask |= EBT_LOG_IP6;
+		loginfo->bitmask |= log_chk_inv(invert, EBT_LOG_IP6, "-ip6");
 		break;
 	default:
 		return 0;
diff --git a/extensions/libxt_set.c b/extensions/libxt_set.c
index 679c04c75b0f6..16921023a22f8 100644
--- a/extensions/libxt_set.c
+++ b/extensions/libxt_set.c
@@ -60,6 +60,7 @@ set_parse_v0(int c, char **argv, int invert, unsigned int *flags,
 	case '2':
 		fprintf(stderr,
 			"--set option deprecated, please use --match-set\n");
+		/* fall through */
 	case '1':		/* --match-set <set> <flag>[,<flag> */
 		if (info->u.flags[0])
 			xtables_error(PARAMETER_PROBLEM,
@@ -140,6 +141,7 @@ set_parse_v1(int c, char **argv, int invert, unsigned int *flags,
 	case '2':
 		fprintf(stderr,
 			"--set option deprecated, please use --match-set\n");
+		/* fall through */
 	case '1':		/* --match-set <set> <flag>[,<flag> */
 		if (info->dim)
 			xtables_error(PARAMETER_PROBLEM,
@@ -238,6 +240,7 @@ set_parse_v2(int c, char **argv, int invert, unsigned int *flags,
 	case '2':
 		fprintf(stderr,
 			"--set option deprecated, please use --match-set\n");
+		/* fall through */
 	case '1':		/* --match-set <set> <flag>[,<flag> */
 		if (info->dim)
 			xtables_error(PARAMETER_PROBLEM,
@@ -415,6 +418,7 @@ set_parse_v3(int c, char **argv, int invert, unsigned int *flags,
 	case '2':
 		fprintf(stderr,
 			"--set option deprecated, please use --match-set\n");
+		/* fall through */
 	case '1':		/* --match-set <set> <flag>[,<flag> */
 		if (info->match_set.dim)
 			xtables_error(PARAMETER_PROBLEM,
@@ -583,6 +587,7 @@ set_parse_v4(int c, char **argv, int invert, unsigned int *flags,
 	case '2':
 		fprintf(stderr,
 			"--set option deprecated, please use --match-set\n");
+		/* fall through */
 	case '1':		/* --match-set <set> <flag>[,<flag> */
 		if (info->match_set.dim)
 			xtables_error(PARAMETER_PROBLEM,
diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
index c8414294833c5..a38ffd3aa1145 100644
--- a/iptables/nft-shared.c
+++ b/iptables/nft-shared.c
@@ -547,6 +547,7 @@ void nft_parse_immediate(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
 		break;;
 	case NFT_GOTO:
 		nft_goto = true;
+		/* fall through */
 	case NFT_JUMP:
 		jumpto = chain;
 		break;
-- 
2.18.0




[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux