tag 134518 upstream
tag 134518 patch
thanks

This report is forwarded from the Debian Bug Tracking system. The problem and patch have been verified with iptables 1.2.5. Please carbon copy replies to [EMAIL PROTECTED]

This specific BTS report is: http://bugs.debian.org/134518
All Debian BTS iptables reports: http://bugs.debian.org/iptables

Thanks.

===

Package: iptables
Version: 1.2.5-1

When invoked with -p proto_num option, iptables receives SIGSEGV if proto_num is not listed in /etc/protocols. Here is a transcript:

$ iptables -A INPUT -p 7 --destination-port 139 -j DNAT --to-destination 192.168.200.202:139
Segmentation fault
$

This problem occurs because find_proto function passes the return value of proto_to_name to find_match in iptables.c without checking for NULL value. The following patch should solve the problem:

--- iptables-1.2.5/iptables.c Mon Feb 18 02:22:06 2002 +++ iptables-1.2.5-mod/iptables.c Mon Feb 18 02:25:10 2002 @@ -690,7 +690,15 @@ unsigned int proto; if (string_to_number(pname, 0, 255, &proto) != -1) - return find_match(proto_to_name(proto, nolookup), tryload); + { + char *protname = proto_to_name(proto, nolookup); + if(protname) + return find_match(protname, tryload); + else + exit_error(PARAMETER_PROBLEM, + "unknown protocol number `%s' specified", + pname); + } return find_match(pname, tryload); }

(apply with -p1 switch).

#-- Marek Wiacek

===
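
Review bot: The new else branch in find_proto calls exit_error(PARAMETER_PROBLEM, ...) whenever proto_to_name returns NULL, which turns every numeric protocol missing from /etc/protocols into a fatal error inside a lookup helper. find_proto otherwise just hands back whatever find_match returns, so consider returning NULL from this branch and letting the caller decide whether a missing protocol match is an error; that still removes the NULL dereference and keeps a rule such as "-p 7" with no protocol-specific options usable, provided the callers already cope with a NULL result (worth checking before merging). If the hard error is kept, the message could say that the number has no entry in /etc/protocols, since "unknown protocol number" reads as if the value were out of range even though string_to_number has already accepted it as 0..255. Style: the added lines use "if(protname)" and an opening brace on its own line, while the context line directly above uses "if (" with a space; matching the surrounding file keeps the hunk consistent, and the else is redundant after the return.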