Hi Pablo,
On Thu, Dec 12, 2019 at 06:14:55PM +0100, Pablo Neira Ayuso wrote:
[...]
> diff --git a/src/main.c b/src/main.c
> index fde8b15c5870..c96953e3cd2f 100644
> --- a/src/main.c
> +++ b/src/main.c
> @@ -202,29 +202,107 @@ static const struct {
> },
> };
>
> +struct nft_opts {
> + char **argv;
> + int argc;
> +};
> +
> +static int nft_opts_init(int argc, char * const argv[], struct nft_opts *opts)
> +{
> + uint32_t scope = 0;
> + char *new_argv;
> + int i;
> +
> + opts->argv = calloc(argc + 1, sizeof(char *));
> + if (!opts->argv)
> + return -1;
> +
> + for (i = 0; i < argc; i++) {
> + if (scope > 0) {
> + if (argv[i][0] == '-') {
> + new_argv = malloc(strlen(argv[i]) + 2);
> + if (!new_argv)
> + return -1;
> +
> + sprintf(new_argv, "\\-%s", &argv[i][1]);
> + opts->argv[opts->argc++] = new_argv;
> + continue;
> + }
> + } else if (argv[i][0] == '{') {
> + scope++;
> + } else if (argv[i][0] == '}') {
> + scope--;
> + }
This first char check is not reliable, bison accepts commands which lack
spaces in the relevant places:
| # nft add chain inet t c{ type filter hook input priority filter\; }
| # echo $?
| 0
Cheers, Phil
