X-Git-Url: http://git.openwrt.org/?p=project%2Ffirewall3.git;a=blobdiff_plain;f=utils.c;h=024f95e16d5df1e1d2cc2adb399f42e589c91000;hp=a1cba7ecccee8f6b4f2f1ae34f8af3234f2a7eeb;hb=HEAD;hpb=daed0cf9831c07863e5a2a572c2dd242fe757a31 diff --git a/utils.c b/utils.c index a1cba7e..faa51a1 100644 --- a/utils.c +++ b/utils.c @@ -191,8 +191,7 @@ fw3_find_command(const char *cmd) if ((plen + clen) >= sizeof(path)) continue; - strncpy(path, search, plen); - sprintf(path + plen, "/%s", cmd); + snprintf(path, sizeof(path), "%.*s/%s", plen, search, cmd); if (!stat(path, &s) && S_ISREG(s.st_mode)) return path; @@ -316,23 +315,19 @@ fw3_command_close(void) pipe_pid = -1; } -bool -fw3_has_table(bool ipv6, const char *table) +static bool +file_contains(const char *path, const char *str) { FILE *f; - char line[12]; bool seen = false; - const char *path = ipv6 - ? "/proc/net/ip6_tables_names" : "/proc/net/ip_tables_names"; - if (!(f = fopen(path, "r"))) return false; while (fgets(line, sizeof(line), f)) { - if (!strncmp(line, table, strlen(table))) + if (!strncmp(line, str, strlen(str))) { seen = true; break; @@ -344,6 +339,14 @@ fw3_has_table(bool ipv6, const char *table) return seen; } +bool +fw3_has_target(const bool ipv6, const char *target) +{ + const char *path = ipv6 + ? "/proc/net/ip6_tables_targets" : "/proc/net/ip_tables_targets"; + + return file_contains(path, target); +} bool fw3_lock_path(int *fd, const char *path) @@ -385,7 +388,6 @@ fw3_unlock_path(int *fd, const char *lockpath) warn("Cannot release exclusive lock: %s", strerror(errno)); close(*fd); - unlink(FW3_LOCKFILE); *fd = -1; } @@ -402,7 +404,7 @@ static void write_defaults_uci(struct uci_context *ctx, struct fw3_defaults *d, struct uci_package *dest) { - char buf[sizeof("0xffffffff\0")]; + char buf[sizeof("0xffffffff")]; struct uci_ptr ptr = { .p = dest }; uci_add_section(ctx, dest, "defaults", &ptr.s); 
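Review bot: In fw3_find_command the new `%.*s` conversion takes its precision from `plen`, and that argument must have type `int`. The declaration of `plen` is outside the hunk; if it is a `size_t` or another wider type, the call is undefined on 64-bit targets and should read `snprintf(path, sizeof(path), "%.*s/%s", (int)plen, search, cmd);`. The existing `(plen + clen) >= sizeof(path)` guard already keeps the result inside the buffer, so truncation is not the concern here. The function starts and ends outside the hunk.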
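Review bot: The test `strncmp(line, str, strlen(str))` in file_contains is a prefix match, so a lookup succeeds for any line that merely begins with the requested name, and an empty `str` matches the first line read. fw3_has_target now depends on it to decide whether a netfilter target is available, so a false positive would presumably let rules be generated for a target the kernel does not provide. Require the name to end where the match ends, e.g. `size_t n = strlen(str);` and `if (!strncmp(line, str, n) && (line[n] == '\n' || line[n] == '\0'))`. The `line` buffer must also hold the longest name plus its newline, otherwise `fgets` splits an entry and the remainder is compared as if it were a new line. The buffer declaration and the end of the function cannot be read reliably from this hunk.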
@@ -422,13 +424,13 @@ write_defaults_uci(struct uci_context *ctx, struct fw3_defaults *d,
 ptr.value = fw3_flag_names[d->policy_forward];
 uci_set(ctx, &ptr);
- sprintf(buf, "0x%x", d->flags[0]);
+ snprintf(buf, sizeof(buf), "0x%x", d->flags[0]);
 ptr.o = NULL;
 ptr.option = "__flags_v4";
 ptr.value = buf;
 uci_set(ctx, &ptr);
- sprintf(buf, "0x%x", d->flags[1]);
+ snprintf(buf, sizeof(buf), "0x%x", d->flags[1]);
 ptr.o = NULL;
 ptr.option = "__flags_v6";
 ptr.value = buf;
@@ -569,13 +571,29 @@ write_zone_uci(struct uci_context *ctx, struct fw3_zone *z,
 }
 }
- sprintf(buf, "0x%x", z->flags[0]);
+ if (z->extra_src)
+ {
+ ptr.o = NULL;
+ ptr.option = "extra_src";
+ ptr.value = z->extra_src;
+ uci_set(ctx, &ptr);
+ }
+
+ if (z->extra_dest)
+ {
+ ptr.o = NULL;
+ ptr.option = "extra_dest";
+ ptr.value = z->extra_dest;
+ uci_set(ctx, &ptr);
+ }
+
+ snprintf(buf, sizeof(buf), "0x%x", z->flags[0]);
 ptr.o = NULL;
 ptr.option = "__flags_v4";
 ptr.value = buf;
 uci_set(ctx, &ptr);
- sprintf(buf, "0x%x", z->flags[1]);
+ snprintf(buf, sizeof(buf), "0x%x", z->flags[1]);
 ptr.o = NULL;
 ptr.option = "__flags_v6";
 ptr.value = buf;
@@ -588,7 +606,7 @@ write_ipset_uci(struct uci_context *ctx, struct fw3_ipset *s,
 {
 struct fw3_ipset_datatype *type;
- char buf[sizeof("65535-65535\0")];
+ char buf[sizeof("65535-65535")];
 struct uci_ptr ptr = { .p = dest };
@@ -617,7 +635,7 @@ write_ipset_uci(struct uci_context *ctx, struct fw3_ipset *s,
 list_for_each_entry(type, &s->datatypes, list)
 {
- sprintf(buf, "%s_%s", type->dir, fw3_ipset_type_names[type->type]);
+ snprintf(buf, sizeof(buf), "%s_%s", type->dir, fw3_ipset_type_names[type->type]);
 ptr.o = NULL;
 ptr.option = "match";
 ptr.value = buf;
@@ -634,7 +652,7 @@ write_ipset_uci(struct uci_context *ctx, struct fw3_ipset *s,
 if (s->portrange.set)
 {
- sprintf(buf, "%u-%u", s->portrange.port_min, s->portrange.port_max);
+ snprintf(buf, sizeof(buf), "%u-%u", s->portrange.port_min, s->portrange.port_max);
 ptr.o = NULL;
 ptr.option = "portrange";
 ptr.value = buf;
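Review bot: In the `match` hunk of write_ipset_uci the return value of `snprintf(buf, sizeof(buf), "%s_%s", ...)` is discarded, and `buf` is sized by `sizeof("65535-65535")`. A direction/type pair longer than 11 characters is therefore cut silently, and the shortened string is what `uci_set` stores. Check the result before using it, e.g. `int n = snprintf(buf, sizeof(buf), "%s_%s", type->dir, fw3_ipset_type_names[type->type]);` followed by `if (n < 0 || (size_t)n >= sizeof(buf)) continue;`, or size the buffer for the longest direction and type name. The flag values in write_defaults_uci and write_zone_uci and the port range in the last hunk use the same unchecked call; they fit only if the flags are 32-bit and the ports 16-bit, which is not visible here. The loop body continues outside the hunk.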
@@ -978,7 +996,7 @@ fw3_check_loopback_dev(const char *name) return false; memset(&ifr, 0, sizeof(ifr)); - strncpy(ifr.ifr_name, name, sizeof(ifr.ifr_name) - 1); + snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s", name); if (ioctl(s, SIOCGIFFLAGS, &ifr) >= 0) { if (ifr.ifr_flags & IFF_LOOPBACK)
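Review bot: `snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s", name)` in fw3_check_loopback_dev silently truncates a name that is too long. The SIOCGIFFLAGS query is then made for a different, shorter interface name, and that interface's loopback flag is reported for the device the caller asked about. Reject such input before the copy with `if (strlen(name) >= sizeof(ifr.ifr_name))` and take the function's normal failure path, releasing `s` if it is already open at that point. The function starts and ends outside the hunk, so how `s` is closed is not visible.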