This (rather large) series of patches contains changes to address complaints of a recent covscan run. As is typical for covscan, not all of them are problematic in practice, but in case the false-negative is not obvious at first (or second) sight, changing the code is still not a bad idea just to ease future audits.

Phil Sutter (28):
  nfnl_osf: Drop pointless check in xt_osf_strchr()
  xtables: Fix for wrong assert() in __nft_table_flush()
  libxtables: Integrate getethertype.c from xtables core
  Mark fall through cases in switch() statements
  ip{,6}tables-restore: Fix for uninitialized array 'curtable'
  xtables: Remove unused variable in nft_is_table_compatible()
  libxt_LED: Avoid string overrun while parsing led-trigger-id
  libxt_conntrack: Version 0 does not support XT_CONNTRACK_DIRECTION
  libxt_conntrack: Avoid potential buffer overrun
  libxt_ipvs: Avoid potential buffer overrun
  libxt_time: Drop initialization of variable 'year'
  libiptc: Simplify alloc_handle() function signature
  libxtables: Avoid calling memcpy() with NULL source
  libxtables: Don't read garbage in xtables_strtoui()
  nfnl_osf: Replace deprecated nfnl_talk() by nfnl_query()
  iptables-apply: Quote strings passed to echo
  iptables-apply: Replace signal numbers by names
  Share print_ipv{4,6}_addr() from xtables
  iptables: Use print_ifaces() from xtables
  Sanitize calls to strcpy()
  nft-arp: Drop ineffective conditional
  extensions: libebt_ip{,6}: Drop pointless error checking
  Fix a few cases of pointless assignments
  libxtables: Use posix_spawn() instead of vfork()
  xtables: Don't read garbage in nft_ipv4_parse_payload()
  arptables: Fix incorrect strcmp() in nft_arp_rule_find()
  xtables: Drop pointless check
  iptables: Gitignore xtables-{legacy,nft}-multi scripts

 extensions/libebt_arp.c                 | 72 +------------------
 extensions/libebt_ip.c                  |  4 --
 extensions/libebt_ip6.c                 |  4 --
 extensions/libebt_log.c                 | 28 ++++----
 extensions/libebt_vlan.c                | 72 +------------------
 extensions/libxt_LED.c                  |  3 +-
 extensions/libxt_conntrack.c            | 22 ++++----
 extensions/libxt_ipvs.c                 | 22 +++---
 extensions/libxt_set.c                  |  5 ++
 extensions/libxt_time.c                 |  8 +--
 iptables/.gitignore                     |  2 +
 iptables/Makefile.am                    |  2 +-
 iptables/ip6tables-restore.c            |  6 +-
 iptables/ip6tables.c                    | 70 +++---------------
 iptables/iptables-apply                 |  9 +--
 iptables/iptables-restore.c             |  6 +-
 iptables/iptables-xml.c                 |  4 +-
 iptables/iptables.c                     | 67 +++---------------
 iptables/nft-arp.c                      |  5 +-
 iptables/nft-ipv4.c                     | 35 ++-------
 iptables/nft-ipv6.c                     | 41 +----------
 iptables/nft-shared.c                   | 60 ++--------------
 iptables/nft-shared.h                   |  2 -
 iptables/nft.c                          |  6 +-
 iptables/xshared.c                      | 94 ++++++++++++++++++++++++-
 iptables/xshared.h                      |  6 ++
 iptables/xtables-eb-translate.c         |  1 -
 iptables/xtables-eb.c                   |  5 +-
 iptables/xtables-restore.c              |  4 +-
 iptables/xtables-translate.c            |  3 +-
 iptables/xtables.c                      | 14 ++--
 libiptc/libiptc.c                       | 19 ++---
 libxtables/Makefile.am                  |  2 +-
 {iptables => libxtables}/getethertype.c |  0
 libxtables/xtables.c                    | 34 ++++-----
 libxtables/xtoptions.c                  | 14 ++--
 utils/nfnl_osf.c                        | 17 ++---
 37 files changed, 256 insertions(+), 512 deletions(-)
 rename {iptables => libxtables}/getethertype.c (100%)

-- 
2.18.0