Bug#327007: BUG: iptables -j does not work for chains with a length >=28 (was moe infos...)

Pablo Neira Tue, 15 Nov 2005 09:48:34 -0800

Bernd Zeimetz wrote:
> Hi,
> 
> 
>>As you can see the bug does not happen for chains
>>- with a length <=28
>>- with a name containing only numbers
>>- with a name beginning with numbers and having less than ~11 letters at
>>the end.
> 
> 
> this is - of course - not true. I didn't realize that
> 
> 
>>iptables -N 123456789012345678yzabcdefgh
>>and this works:
>>iptables -A FORWARD -j 123456789012345678yzabcdefghij
> 
> 
> this happened pretty often while testing.
> 
> 
>>set_revision(target->t->u.user.name, target->revision); // iptables.c:2397
> 
> What does set_revision really do? Is it still needed?


This was included to add support for match/target revisions without
breaking backward compatibility.

The patch attached fixes the problem that you're reporting here. I tried
with the shell script attached and seems to work fine. I'll pass it to
Harald.

-- 
Pablo

Index: iptables.c
===================================================================
--- iptables.c  (revision 4511)
+++ iptables.c  (working copy)
@@ -2394,7 +2396,9 @@
                        target->t = fw_calloc(1, size);
                        target->t->u.target_size = size;
                        strcpy(target->t->u.user.name, jumpto);
-                       set_revision(target->t->u.user.name, target->revision);
+                       if (!iptc_is_chain(jumpto, *handle))
+                               set_revision(target->t->u.user.name,
+                                            target->revision);
                        if (target->init != NULL)
                                target->init(target->t, &fw.nfcache);
                }

 iptables -N 123456789012345678901234567
 iptables -A FORWARD -j 123456789012345678901234567
 iptables -N 1234567890123456789012345678
 iptables -A FORWARD -j 1234567890123456789012345678
 iptables -N 12345678901234567890123456789
 iptables -A FORWARD -j 12345678901234567890123456789
 iptables -N 12345678901234567890abcdefg
 iptables -A FORWARD -j 12345678901234567890abcdefg
 iptables -N 12345678901234567890abcdefgh
 iptables -A FORWARD -j 12345678901234567890abcdefgh
 iptables -N 12345678901234567890abcdefghi
 iptables -A FORWARD -j 12345678901234567890abcdefghi
 iptables -N 12345678901234567890abcdefghij
 iptables -A FORWARD -j 12345678901234567890abcdefghij
 iptables -N 1234567890123456789zabcdefghij
 iptables -A FORWARD -j 1234567890123456789zabcdefghij
 iptables -N abcde678901234567890abcdefghij
 iptables -A FORWARD -j abcde678901234567890abcdefghij
 iptables -N abcdesdasdasdfafasfaabcdefghij
 iptables -A FORWARD -j abcdesdasdasdfafasfaabcdefghij
 iptables -N 0bcdesdasdasdfafasfaabcdefghij
 iptables -A FORWARD -j 0bcdesdasdasdfafasfaabcdefghij
 iptables -N 0bcdesdasdasdfafasfaabcdefghi
 iptables -A FORWARD -j 0bcdesdasdasdfafasfaabcdefghi
 iptables -N 0bcdesdasdasdfafasfaabcdefgh
 iptables -A FORWARD -j 0bcdesdasdasdfafasfaabcdefgh

Bug#327007: BUG: iptables -j does not work for chains with a length >=28 (was moe infos...)

Reply via email to