iptables: fix regression with unintended free in need_protomatch

[project/firewall3.git] / ipsets.c

diff --git a/ipsets.c b/ipsets.c
index 280845b9b7105c7aff6ec7b320cc647f01a7e775..e7cde16e930a438c8850a79b51b0e0cac65171bf 100644 (file)
--- a/ipsets.c
+++ b/ipsets.c
@@ -16,6 +16,8 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
+#include <ctype.h>
+
 #include "ipsets.h"
 
 
@@ -264,6 +266,7 @@ fw3_alloc_ipset(struct fw3_state *state)
        ipset->enabled    = true;
        ipset->family     = FW3_FAMILY_V4;
        ipset->reload_set = false;
+       ipset->timeout    = -1; /* no timeout by default */
 
        list_add_tail(&ipset->list, &state->ipsets);
 
@@ -337,6 +340,7 @@ load_file(struct fw3_ipset *ipset)
 {
        FILE *f;
        char line[128];
+       char *p;
 
        if (!ipset->loadfile)
                return;
@@ -350,8 +354,13 @@ load_file(struct fw3_ipset *ipset)
                return;
        }
 
-       while (fgets(line, sizeof(line), f))
-               fw3_pr("add %s %s", ipset->name, line);
+       while (fgets(line, sizeof(line), f)) {
+               p = line;
+               while (isspace(*p))
+                       p++;
+               if (*p && *p != '#')
+                       fw3_pr("add %s %s", ipset->name, line);
+       }
 
        fclose(f);
 }
@@ -387,7 +396,7 @@ create_ipset(struct fw3_ipset *ipset, struct fw3_state *state)
                       ipset->portrange.port_min, ipset->portrange.port_max);
        }
 
-       if (ipset->timeout > 0)
+       if (ipset->timeout >= 0)
                fw3_pr(" timeout %u", ipset->timeout);
 
        if (ipset->maxelem > 0)