
Commit 74c1fe5

Merge pull request #204 from acv/issue-202
Allow interface names longer than max chain
2 parents 0b0a9b0 + ddd7a82 commit 74c1fe5


2 files changed

+22
-14
lines changed


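--- a/src/fw_iptables.c
+++ b/src/fw_iptables.c
@@ -71,6 +71,7 @@ iptables_insert_gateway_id(char **input)
 char *token;
 const s_config *config;
 char *buffer;
+char *tmp_intf;
 
 if (strstr(*input, "$ID$") == NULL)
 return;
@@ -80,9 +81,14 @@ iptables_insert_gateway_id(char **input)
 memcpy(token, "%1$s", 4);
 
 config = config_get_config();
-safe_asprintf(&buffer, *input, config->gw_interface);
+tmp_intf = safe_strdup(config->gw_interface);
+if (strlen(tmp_intf) > CHAIN_NAME_MAX_LEN) {
+*(tmp_intf + CHAIN_NAME_MAX_LEN) = '\0';
+}
+safe_asprintf(&buffer, *input, tmp_intf);
 
-free(*input);
+free(tmp_intf);
+free(*input); /* Not an error, input from safe_asprintf */
 *input = buffer;
 }
 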
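Review bot: The truncation at `*(tmp_intf + CHAIN_NAME_MAX_LEN) = '\0';` happens silently, so a `gw_interface` longer than 15 characters produces chain names that no longer contain the configured name, and two gateways whose interface names share their first 15 characters would presumably collide on the same chains. Logging inside the `if` would make this visible, e.g. `debug(LOG_WARNING, "gw_interface %s truncated to %d characters in chain names", config->gw_interface, CHAIN_NAME_MAX_LEN);`. Separately, `safe_asprintf(&buffer, *input, tmp_intf);` keeps using `*input` as the format string, so any `%` in the rule text other than the substituted `%1$s` would be parsed as a conversion; the callers are outside this hunk, so whether that can occur needs confirming. The body of `iptables_insert_gateway_id` starts before the first hunk and continues between the two.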

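--- a/src/fw_iptables.h
+++ b/src/fw_iptables.h
@@ -30,20 +30,22 @@
 
 #include "firewall.h"
 
+#define CHAIN_NAME_MAX_LEN 15 /* 28 (actual max) - 13 (AuthServers chain fixed part. */
+
 /*@{*/
 /**Iptable chain names used by WifiDog */
-#define CHAIN_OUTGOING "WiFiDog_$ID$_Outgoing"
-#define CHAIN_TO_INTERNET "WiFiDog_$ID$_Internet"
-#define CHAIN_TO_ROUTER "WiFiDog_$ID$_Router"
-#define CHAIN_INCOMING "WiFiDog_$ID$_Incoming"
-#define CHAIN_AUTHSERVERS "WiFiDog_$ID$_AuthServers"
-#define CHAIN_GLOBAL "WiFiDog_$ID$_Global"
-#define CHAIN_VALIDATE "WiFiDog_$ID$_Validate"
-#define CHAIN_KNOWN "WiFiDog_$ID$_Known"
-#define CHAIN_UNKNOWN "WiFiDog_$ID$_Unknown"
-#define CHAIN_LOCKED "WiFiDog_$ID$_Locked"
-#define CHAIN_TRUSTED "WiFiDog_$ID$_Trusted"
-#define CHAIN_AUTH_IS_DOWN "WiFiDog_$ID$_AuthIsDown"
+#define CHAIN_OUTGOING "WD_$ID$_Outgoing"
+#define CHAIN_TO_INTERNET "WD_$ID$_Internet"
+#define CHAIN_TO_ROUTER "WD_$ID$_Router"
+#define CHAIN_INCOMING "WD_$ID$_Incoming"
+#define CHAIN_AUTHSERVERS "WD_$ID$_AuthServs" /* Longest chain, 13 chars ecluding ID */
+#define CHAIN_GLOBAL "WD_$ID$_Global"
+#define CHAIN_VALIDATE "WD_$ID$_Validate"
+#define CHAIN_KNOWN "WD_$ID$_Known"
+#define CHAIN_UNKNOWN "WD_$ID$_Unknown"
+#define CHAIN_LOCKED "WD_$ID$_Locked"
+#define CHAIN_TRUSTED "WD_$ID$_Trusted"
+#define CHAIN_AUTH_IS_DOWN "WD_$ID$_AuthDown"
 /*@}*/
 
 /** Used by iptables_fw_access to select if the client should be granted of denied access */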
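Review bot: `CHAIN_NAME_MAX_LEN` names the limit for the `$ID$` part, not for a whole chain name, and its comment has an unclosed parenthesis and still says "AuthServers" although the macro now ends in `AuthServs`. Because the 28-character budget is enforced only by this hand-computed arithmetic, a chain added later with a longer fixed part would exceed it unnoticed. I would write `#define CHAIN_NAME_MAX_LEN 15 /* max length of the $ID$ part: 28 (chain name limit) - 13 (fixed part of CHAIN_AUTHSERVERS) */` and correct `ecluding` to `excluding` on the `CHAIN_AUTHSERVERS` line. Renaming every chain from `WiFiDog_…` to `WD_…` also means chains left behind by an older binary would presumably not be matched by cleanup code built on these macros, so the upgrade path is worth checking.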
