iptables: correctly check for too-long chain/target/match names
* iptables-restore was not checking for chain name length
* iptables was not checking for match name length
* target length was checked against 32, not 29.
References: http://bugzilla.netfilter.org/show_bug.cgi?id=641
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
diff --git a/xtables.c b/xtables.c
index f3baf84..7340c87 100644
--- a/xtables.c
+++ b/xtables.c
@@ -545,6 +545,11 @@
struct xtables_match *ptr;
const char *icmp6 = "icmp6";
+ if (strlen(name) > XT_FUNCTION_MAXNAMELEN - 1)
+ xtables_error(PARAMETER_PROBLEM,
+ "Invalid match name \"%s\" (%u chars max)",
+ name, XT_FUNCTION_MAXNAMELEN - 1);
+
/* This is ugly as hell. Nonetheless, there is no way of changing
* this without hurting backwards compatibility */
if ( (strcmp(name,"icmpv6") == 0) ||