From 7462900ca1749634a7fa9325c2e71f49e13d0095 Mon Sep 17 00:00:00 2001
From: Ruben Kerkhof
Date: Sat, 5 Dec 2015 15:07:40 +0100
Subject: [PATCH] iptables plugin: remove dead code ip version is either IPv4 or IPv6 CID #37962
Signed-off-by: Florian Forster
---
 src/iptables.c | 207 ++++++++++++++++++++++++++++-----------------------------
 1 file changed, 101 insertions(+), 106 deletions(-)
diff --git a/src/iptables.c b/src/iptables.c
index 606b24d9..590b6931 100644
--- a/src/iptables.c
+++ b/src/iptables.c
@@ -111,132 +111,127 @@ static int iptables_config (const char *key, const char *value)
 ip_version = IPV4;
 else if (strcasecmp (key, "Chain6") == 0)
 ip_version = IPV6;
+ else
+ return (1);
- if (( ip_version == IPV4 ) || ( ip_version == IPV6 ))
- {
- ip_chain_t temp, *final, **list;
- char *table;
- int table_len;
- char *chain;
- int chain_len;
-
- char *value_copy;
- char *fields[4];
- int fields_num;
-
- memset (&temp, 0, sizeof (temp));
-
- value_copy = strdup (value);
- if (value_copy == NULL)
- {
- char errbuf[1024];
- ERROR ("strdup failed: %s",
- sstrerror (errno, errbuf, sizeof (errbuf)));
- return (1);
- }
+ ip_chain_t temp, *final, **list;
+ char *table;
+ int table_len;
+ char *chain;
+ int chain_len;
- /*
- * Time to fill the temp element
- * Examine value string, it should look like:
- * Chain[6] [ [name]]
- */
+ char *value_copy;
+ char *fields[4];
+ int fields_num;
- /* set IPv4 or IPv6 */
- temp.ip_version = ip_version;
+ memset (&temp, 0, sizeof (temp));
- /* Chain [ [name]] */
- fields_num = strsplit (value_copy, fields, 4);
- if (fields_num < 2)
- {
- free (value_copy);
- return (1);
- }
+ value_copy = strdup (value);
+ if (value_copy == NULL)
+ {
+ char errbuf[1024];
+ ERROR ("strdup failed: %s",
+ sstrerror (errno, errbuf, sizeof (errbuf)));
+ return (1);
+ }
- table = fields[0];
- chain = fields[1];
+ /*
+ * Time to fill the temp element
+ * Examine value string, it should look like:
+ * Chain[6] [ [name]]
+ */
- table_len = strlen (table) + 1;
- if ((unsigned int)table_len > sizeof(temp.table))
- {
- ERROR ("Table `%s' too long.", table);
- free (value_copy);
- return (1);
- }
- sstrncpy (temp.table, table, table_len);
+ /* set IPv4 or IPv6 */
+ temp.ip_version = ip_version;
- chain_len = strlen (chain) + 1;
- if ((unsigned int)chain_len > sizeof(temp.chain))
- {
- ERROR ("Chain `%s' too long.", chain);
- free (value_copy);
- return (1);
- }
- sstrncpy (temp.chain, chain, chain_len);
+ /* Chain [ [name]] */
+ fields_num = strsplit (value_copy, fields, 4);
+ if (fields_num < 2)
+ {
+ free (value_copy);
+ return (1);
+ }
- if (fields_num >= 3)
- {
- char *comment = fields[2];
- int rule = atoi (comment);
-
- if (rule)
- {
- temp.rule.num = rule;
- temp.rule_type = RTYPE_NUM;
- }
- else
- {
- temp.rule.comment = strdup (comment);
- if (temp.rule.comment == NULL)
- {
- free (value_copy);
- return (1);
- }
- temp.rule_type = RTYPE_COMMENT;
- }
- }
- else
- {
- temp.rule_type = RTYPE_COMMENT_ALL;
- }
+ table = fields[0];
+ chain = fields[1];
- if (fields_num >= 4)
- sstrncpy (temp.name, fields[3], sizeof (temp.name));
+ table_len = strlen (table) + 1;
+ if ((unsigned int)table_len > sizeof(temp.table))
+ {
+ ERROR ("Table `%s' too long.", table);
+ free (value_copy);
+ return (1);
+ }
+ sstrncpy (temp.table, table, table_len);
+ chain_len = strlen (chain) + 1;
+ if ((unsigned int)chain_len > sizeof(temp.chain))
+ {
+ ERROR ("Chain `%s' too long.", chain);
 free (value_copy);
- value_copy = NULL;
- table = NULL;
- chain = NULL;
+ return (1);
+ }
+ sstrncpy (temp.chain, chain, chain_len);
- list = (ip_chain_t **) realloc (chain_list, (chain_num + 1) * sizeof (ip_chain_t *));
- if (list == NULL)
+ if (fields_num >= 3)
+ {
+ char *comment = fields[2];
+ int rule = atoi (comment);
+
+ if (rule)
+ {
+ temp.rule.num = rule;
+ temp.rule_type = RTYPE_NUM;
+ }
+ else
+ {
+ temp.rule.comment = strdup (comment);
+ if (temp.rule.comment == NULL)
 {
- char errbuf[1024];
- ERROR ("realloc failed: %s",
- sstrerror (errno, errbuf, sizeof (errbuf)));
- sfree (temp.rule.comment);
+ free (value_copy);
 return (1);
 }
+ temp.rule_type = RTYPE_COMMENT;
+ }
+ }
+ else
+ {
+ temp.rule_type = RTYPE_COMMENT_ALL;
+ }
- chain_list = list;
- final = (ip_chain_t *) malloc( sizeof(temp) );
- if (final == NULL)
- {
- char errbuf[1024];
- ERROR ("malloc failed: %s",
- sstrerror (errno, errbuf, sizeof (errbuf)));
- sfree (temp.rule.comment);
- return (1);
- }
- memcpy (final, &temp, sizeof (temp));
- chain_list[chain_num] = final;
- chain_num++;
+ if (fields_num >= 4)
+ sstrncpy (temp.name, fields[3], sizeof (temp.name));
- DEBUG ("Chain #%i: table = %s; chain = %s;", chain_num, final->table, final->chain);
+ free (value_copy);
+ value_copy = NULL;
+ table = NULL;
+ chain = NULL;
+
+ list = (ip_chain_t **) realloc (chain_list, (chain_num + 1) * sizeof (ip_chain_t *));
+ if (list == NULL)
+ {
+ char errbuf[1024];
+ ERROR ("realloc failed: %s",
+ sstrerror (errno, errbuf, sizeof (errbuf)));
+ sfree (temp.rule.comment);
+ return (1);
 }
- else
+
+ chain_list = list;
+ final = (ip_chain_t *) malloc( sizeof(temp) );
+ if (final == NULL)
 {
- return (-1);
+ char errbuf[1024];
+ ERROR ("malloc failed: %s",
+ sstrerror (errno, errbuf, sizeof (errbuf)));
+ sfree (temp.rule.comment);
+ return (1);
 }
+ memcpy (final, &temp, sizeof (temp));
+ chain_list[chain_num] = final;
+ chain_num++;
+
+ DEBUG ("Chain #%i: table = %s; chain = %s;", chain_num, final->table, final->chain);
 return (0);
 } /* int iptables_config */
-- 
2.11.0
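Review bot: The added `else return (1);` at the top of the hunk is more than dead-code removal: it creates a rejection path for any key other than Chain/Chain6, and it returns 1 where the removed trailing branch used `return (-1);`. How ip_version is initialised lies above the hunk, so whether such keys were previously processed as IPv4 cannot be confirmed from here. If the config dispatcher distinguishes the sign of the result, use `return (-1);` and describe the new behaviour in the commit message. Separately, the re-indented `int rule = atoi (comment);` still reads a value such as `10abc` as rule number 10 and cannot tell a literal `0` from a parse failure; `strtol` with an end-pointer check would make the rule-versus-comment decision explicit.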