
iptables etch release



Hi Release Team,

A couple of regressions occurred with iptables. They're both set at
severity normal, but I believe they are important.

The bug reported as 397712 broke the rename-chain command line option.
It was fixed upstream and is in 1.3.6.0debian1-2.

====
diff -Nur old/iptables_profectio/ip6tables.c new/iptables_profectio/ip6tables.c
--- old/iptables-1.3.6-orig/ip6tables.c 2006-09-28 18:40:36.000000000 +0200
+++ new/iptables_profectio/ip6tables.c  2006-11-09 08:37:46.000000000 +0100
@@ -170,7 +170,6 @@
/*NEW_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x'},
/*DEL_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x'},
/*SET_POLICY*/{'x','x','x','x','x',' ','x','x','x','x','x'},
-/*CHECK*/     {'x','+','+','+','x',' ','x',' ',' ','x','x'},
/*RENAME*/    {'x','x','x','x','x',' ','x','x','x','x','x'}
};
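
Review bot: the rows of this table are tied to their commands only by position and the /*NAME*/ comments, so deleting the /*CHECK*/ row between /*SET_POLICY*/ and /*RENAME*/ is correct only if no command constant still occupies that slot. The patch does not touch the command definitions, so please say in the description that CHECK is already gone from them, or include that change here. The file header also names old/iptables-1.3.6-orig/ip6tables.c while the diff line names old/iptables_profectio/ip6tables.c; regenerate the patch so the two agree.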

diff -Nur old/iptables_profectio/iptables.c new/iptables_profectio/iptables.c
--- old/iptables_profectio/iptables.c   2006-09-28 18:40:36.000000000 +0200
+++ new/iptables_profectio/iptables.c   2006-11-09 08:37:58.000000000 +0100
@@ -171,7 +171,6 @@
/*NEW_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'},
/*DEL_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'},
/*SET_POLICY*/{'x','x','x','x','x',' ','x','x','x','x','x','x'},
-/*CHECK*/     {'x','+','+','+','x',' ','x',' ',' ',' ','x','x'},
/*RENAME*/    {'x','x','x','x','x',' ','x','x','x','x','x','x'}
};
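
Review bot: missing documentation on the table in iptables.c: nothing near the removed /*CHECK*/ row says that the row order has to follow the command order, so a stale row like this one is easy to overlook. A one-line comment above the table to that effect, plus a reference to bug 397712 in the patch description, would help the next change. The rows here have 12 columns while the ip6tables.c rows have 11, so each table needs to be checked against its own option list rather than against the other file.
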
====

The bug reported in 398082 breaks parsing of network groups from
/etc/networks. 399177 also says it affects names from /etc/hosts, but
I haven't verified that. I wrote a small fix that needs to be verified
by someone who actually knows C. I reported the problem[1] and posted
my fix[2] to the upstream mailing list. No one else offered a fix.
Mine appears to work fine.

====
--- iptables.c.ORIG     2006-11-18 16:40:30.902915398 -0500
+++ iptables.c  2006-11-18 16:38:31.549789934 -0500
@@ -696,13 +696,15 @@
       char buf[256];
       char *p;
       int i, j, k, n;
+       char *vipchars = "0123456789.\0";

       strncpy(buf, name, sizeof(buf) - 1);
       buf[sizeof(buf) - 1] = '\0';
       if ((p = strrchr(buf, '/')) != NULL) {
               *p = '\0';
               addrp = parse_mask(p + 1);
-               if (strrchr(p + 1, '.') == NULL)
+               if (strrchr(p + 1, '.') == NULL
+                 && strspn(buf,vipchars) == strlen(buf))
                       pad_cidr(buf);
       } else
               addrp = parse_mask(NULL);
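
Review bot: in the new condition, strspn(buf,vipchars) == strlen(buf) is also true when buf is empty (input such as "/24", because *p = '\0' truncates buf at the slash), so pad_cidr(buf) is still reached with an empty host part; if that is not intended, add a buf[0] != '\0' test. The vipchars declaration can be const char *, and the explicit \0 in "0123456789.\0" is redundant because the literal is already NUL-terminated and strspn stops at the first NUL. A short comment saying that the test keeps pad_cidr away from names (the /etc/networks case from bug 398082) would make the intent clear.
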
====


I would really like to see both fixes implemented.

Thanks for the consideration.


1. http://lists.netfilter.org/pipermail/netfilter-devel/2006-November/026051.html
2. http://lists.netfilter.org/pipermail/netfilter-devel/2006-November/026109.html


