iptables: fix regression with unintended free in need_protomatch
[project/firewall3.git]
/
utils.c
diff --git
a/utils.c
b/utils.c
index 441dbd26020a7864411688e2ac8f127b051903db..faa51a1a589b277421f1e5c16ee35d43eea89d92 100644
(file)
--- a/
utils.c
+++ b/
utils.c
@@
-191,8
+191,7
@@
fw3_find_command(const char *cmd)
if ((plen + clen) >= sizeof(path))
continue;
if ((plen + clen) >= sizeof(path))
continue;
- strncpy(path, search, plen);
- sprintf(path + plen, "/%s", cmd);
+ snprintf(path, sizeof(path), "%.*s/%s", plen, search, cmd);
if (!stat(path, &s) && S_ISREG(s.st_mode))
return path;
if (!stat(path, &s) && S_ISREG(s.st_mode))
return path;
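Review bot: The `%.*s` precision argument in the new `snprintf` call must have type `int`, and the declaration of `plen` is outside this hunk, so its type cannot be confirmed from here. If `plen` is a `size_t`, the argument is mismatched on 64-bit targets and should be passed as `(int)plen`. The `snprintf` return value is also ignored. The `(plen + clen) >= sizeof(path)` pre-check appears to cover it, but comparing the return value with `sizeof(path)` before calling `stat()` would make sure a truncated path is never probed if that pre-check changes later.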
@@
-316,23
+315,19
@@
fw3_command_close(void)
pipe_pid = -1;
}
pipe_pid = -1;
}
-bool
-f
w3_has_table(bool ipv6, const char *table
)
+
static
bool
+f
ile_contains(const char *path, const char *str
)
{
FILE *f;
{
FILE *f;
-
char line[12];
bool seen = false;
char line[12];
bool seen = false;
- const char *path = ipv6
- ? "/proc/net/ip6_tables_names" : "/proc/net/ip_tables_names";
-
if (!(f = fopen(path, "r")))
return false;
while (fgets(line, sizeof(line), f))
{
if (!(f = fopen(path, "r")))
return false;
while (fgets(line, sizeof(line), f))
{
- if (!strncmp(line,
table, strlen(table
)))
+ if (!strncmp(line,
str, strlen(str
)))
{
seen = true;
break;
{
seen = true;
break;
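Review bot: The matching in `file_contains` is a prefix match on 11-character chunks, which becomes a problem now that the helper is reused for target names by `fw3_has_target` in the next hunk. `strncmp(line, str, strlen(str))` accepts any line that merely starts with `str`, and an empty `str` matches the first line read. With `char line[12]`, a name longer than 11 characters is split by `fgets`, so its tail is compared as if it began a new line. A wrong answer here could presumably lead the caller to treat a table or target as present when it is not. I would enlarge `line` and require a full-line match: `size_t n = strlen(str);` followed by `if (n && !strncmp(line, str, n) && (line[n] == '\n' || line[n] == '\0'))`. The function body continues past the end of this hunk.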
@@
-344,6
+339,14
@@
fw3_has_table(bool ipv6, const char *table)
return seen;
}
return seen;
}
+bool
+fw3_has_target(const bool ipv6, const char *target)
+{
+ const char *path = ipv6
+ ? "/proc/net/ip6_tables_targets" : "/proc/net/ip_tables_targets";
+
+ return file_contains(path, target);
+}
bool
fw3_lock_path(int *fd, const char *path)
bool
fw3_lock_path(int *fd, const char *path)
@@
-385,7
+388,6
@@
fw3_unlock_path(int *fd, const char *lockpath)
warn("Cannot release exclusive lock: %s", strerror(errno));
close(*fd);
warn("Cannot release exclusive lock: %s", strerror(errno));
close(*fd);
- unlink(FW3_LOCKFILE);
*fd = -1;
}
*fd = -1;
}
@@
-402,7
+404,7
@@
static void
write_defaults_uci(struct uci_context *ctx, struct fw3_defaults *d,
struct uci_package *dest)
{
write_defaults_uci(struct uci_context *ctx, struct fw3_defaults *d,
struct uci_package *dest)
{
- char buf[sizeof("0xffffffff
\0
")];
+ char buf[sizeof("0xffffffff")];
struct uci_ptr ptr = { .p = dest };
uci_add_section(ctx, dest, "defaults", &ptr.s);
struct uci_ptr ptr = { .p = dest };
uci_add_section(ctx, dest, "defaults", &ptr.s);
@@
-422,13
+424,13
@@
write_defaults_uci(struct uci_context *ctx, struct fw3_defaults *d,
ptr.value = fw3_flag_names[d->policy_forward];
uci_set(ctx, &ptr);
ptr.value = fw3_flag_names[d->policy_forward];
uci_set(ctx, &ptr);
- s
printf(buf
, "0x%x", d->flags[0]);
+ s
nprintf(buf, sizeof(buf)
, "0x%x", d->flags[0]);
ptr.o = NULL;
ptr.option = "__flags_v4";
ptr.value = buf;
uci_set(ctx, &ptr);
ptr.o = NULL;
ptr.option = "__flags_v4";
ptr.value = buf;
uci_set(ctx, &ptr);
- s
printf(buf
, "0x%x", d->flags[1]);
+ s
nprintf(buf, sizeof(buf)
, "0x%x", d->flags[1]);
ptr.o = NULL;
ptr.option = "__flags_v6";
ptr.value = buf;
ptr.o = NULL;
ptr.option = "__flags_v6";
ptr.value = buf;
@@
-585,13
+587,13
@@
write_zone_uci(struct uci_context *ctx, struct fw3_zone *z,
uci_set(ctx, &ptr);
}
uci_set(ctx, &ptr);
}
- s
printf(buf
, "0x%x", z->flags[0]);
+ s
nprintf(buf, sizeof(buf)
, "0x%x", z->flags[0]);
ptr.o = NULL;
ptr.option = "__flags_v4";
ptr.value = buf;
uci_set(ctx, &ptr);
ptr.o = NULL;
ptr.option = "__flags_v4";
ptr.value = buf;
uci_set(ctx, &ptr);
- s
printf(buf
, "0x%x", z->flags[1]);
+ s
nprintf(buf, sizeof(buf)
, "0x%x", z->flags[1]);
ptr.o = NULL;
ptr.option = "__flags_v6";
ptr.value = buf;
ptr.o = NULL;
ptr.option = "__flags_v6";
ptr.value = buf;
@@
-604,7
+606,7
@@
write_ipset_uci(struct uci_context *ctx, struct fw3_ipset *s,
{
struct fw3_ipset_datatype *type;
{
struct fw3_ipset_datatype *type;
- char buf[sizeof("65535-65535
\0
")];
+ char buf[sizeof("65535-65535")];
struct uci_ptr ptr = { .p = dest };
struct uci_ptr ptr = { .p = dest };
@@
-633,7
+635,7
@@
write_ipset_uci(struct uci_context *ctx, struct fw3_ipset *s,
list_for_each_entry(type, &s->datatypes, list)
{
list_for_each_entry(type, &s->datatypes, list)
{
- s
printf(buf
, "%s_%s", type->dir, fw3_ipset_type_names[type->type]);
+ s
nprintf(buf, sizeof(buf)
, "%s_%s", type->dir, fw3_ipset_type_names[type->type]);
ptr.o = NULL;
ptr.option = "match";
ptr.value = buf;
ptr.o = NULL;
ptr.option = "match";
ptr.value = buf;
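Review bot: Truncation is now silent in `write_ipset_uci`, because the `snprintf` return value is never checked. `buf` is sized for "65535-65535" (12 bytes), and the `"%s_%s"` result built from `type->dir` and `fw3_ipset_type_names[type->type]` is stored in the `match` option as-is. The bounded call removes the overflow, but an over-long combination would be written to the state as a shortened, different value. The same applies to the `"%u-%u"` portrange call in the following hunk if the port fields are wider than 16 bits. Consider checking the result, e.g. `if (snprintf(buf, sizeof(buf), "%s_%s", type->dir, fw3_ipset_type_names[type->type]) >= (int)sizeof(buf)) continue;`, or sizing `buf` from the longest possible name. The loop body continues outside this hunk.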
@@
-650,7
+652,7
@@
write_ipset_uci(struct uci_context *ctx, struct fw3_ipset *s,
if (s->portrange.set)
{
if (s->portrange.set)
{
- s
printf(buf
, "%u-%u", s->portrange.port_min, s->portrange.port_max);
+ s
nprintf(buf, sizeof(buf)
, "%u-%u", s->portrange.port_min, s->portrange.port_max);
ptr.o = NULL;
ptr.option = "portrange";
ptr.value = buf;
ptr.o = NULL;
ptr.option = "portrange";
ptr.value = buf;
@@
-994,7
+996,7
@@
fw3_check_loopback_dev(const char *name)
return false;
memset(&ifr, 0, sizeof(ifr));
return false;
memset(&ifr, 0, sizeof(ifr));
- s
trncpy(ifr.ifr_name, name, sizeof(ifr.ifr_name) - 1
);
+ s
nprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s", name
);
if (ioctl(s, SIOCGIFFLAGS, &ifr) >= 0) {
if (ifr.ifr_flags & IFF_LOOPBACK)
if (ioctl(s, SIOCGIFFLAGS, &ifr) >= 0) {
if (ifr.ifr_flags & IFF_LOOPBACK)
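Review bot: An over-long `name` is still silently truncated to fit `ifr.ifr_name`, so `SIOCGIFFLAGS` would report the flags of whichever interface matches the shortened name. The `snprintf` call guarantees termination but, like the `strncpy` it replaces, does not reject the input. A length guard such as `if (strlen(name) >= sizeof(ifr.ifr_name)) return false;` would make the loopback check fail closed. It belongs before the descriptor `s` is obtained, which happens outside this hunk, or it must close `s` on that path. The rest of the function is not visible here.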