Index: packetbl.c
==================================================================
--- packetbl.c
+++ packetbl.c
@@ -74,10 +74,12 @@
 # define PBL_COPY_PACKET NFQNL_COPY_PACKET
 # define PBL_ID_T u_int32_t
 # define PBL_ERRSTR ""
 #define DEBUG(x, y) if (conf.debug >= x) { printf(y "\n"); }
+#define INVALID_OCTET(x) x < 0 || x > 255
+
 struct packet_info {
 uint8_t b1;
 uint8_t b2;
 uint8_t b3;
@@ -217,11 +219,11 @@
 }
 /*
 * SYNOPSIS:
- * void daeomize(void);
+ * void daemonize(void);
 *
 * NOTES:
 * This function accomplishes everything needed to become a daemon.
 * Including closing standard in/out/err and forking.
 * It returns nothing, on failure the program must abort.
@@ -536,11 +538,11 @@
 struct nfq_data *nfa, void *data) {
 int ret;
 int id;
 struct nfqnl_msg_packet_hdr *ph;
- char *nfdata;
+ unsigned char *nfdata;
 struct packet_info ip;
 DEBUG(2, "Entering callback");
 if (ph = nfq_get_msg_packet_hdr(nfa)) {
@@ -1157,11 +1159,12 @@
 *
 */
 int parse_cidr(struct config_entry *ce) {
 int sep = 0; // which separator we're on.
- char *counter, *c1;
+ int i = 0;
+ char *counter, *c1, *numptr;
 char number[BUFFERSIZE];
 if (ce == NULL) {
 return -1;
 }
@@ -1175,39 +1178,33 @@
 case '.':
 case '/': // separator
 strncpy(number, c1, (int)(counter - c1));
 number[(int)(counter - c1)] = '\0';
+ i = atoi(number);
 switch(sep) {
 case 0:
- ce->ip.b1 = atoi(number);
- if (ce->ip.b1 < 0 ||
- ce->ip.b1 > 255) {
- return -1;
- }
+ numptr = &ce->ip.b1;
 break;
 case 1:
- ce->ip.b2 = atoi(number);
- if (ce->ip.b2 < 0 ||
- ce->ip.b2 > 255) {
- return -1;
- }
+ numptr = &ce->ip.b2;
 break;
 case 2:
- ce->ip.b3 = atoi(number);
- if (ce->ip.b3 < 0 ||
- ce->ip.b3 > 255) {
- return -1;
- }
+ numptr = &ce->ip.b3;
 break;
 case 3:
- ce->ip.b4 = atoi(number);
- if (ce->ip.b4 < 0 ||
- ce->ip.b4 > 255) {
- return -1;
- }
+ numptr = &ce->ip.b4;
 break;
+ default:
+ /* shouldn't happen.
+ FIXME: add error */
+ ;
+
+ }
+ ce->ip.b1 = i;
+ if (INVALID_OCTET(*numptr)) {
+ return -1;
 }
 sep++;
 c1 = counter + 1;
 break;
 case '0':
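Review bot: The new `INVALID_OCTET` macro in the first hunk (-74) expands without parentheses around its argument or its result, so a use such as `!INVALID_OCTET(v)` or an argument containing a lower-precedence operator will not group as intended. Define it as `#define INVALID_OCTET(x) ((x) < 0 || (x) > 255)`. The argument is also evaluated twice, so it should only ever be given a plain variable; a `static inline` function taking an `int` would avoid both problems.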
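Review bot: In the separator branch of `parse_cidr` (hunk at -1175) the parsed value is always stored with `ce->ip.b1 = i;`, so `b2`–`b4` are never written and `b1` ends up holding the last octet; the store should go through `numptr`. The check `INVALID_OCTET(*numptr)` reads a `uint8_t` field, which can never be outside 0–255, so an out-of-range octet in a configured CIDR is truncated instead of rejected; the check belongs on `i` before the store. The `default:` arm leaves `numptr` unset, and the dereference that follows then goes through an indeterminate pointer when an entry has more than four separators, so that arm should `return -1`. `numptr` is declared `char *` in the -1157 hunk but holds addresses of `uint8_t` fields and should be `uint8_t *`. `parse_cidr` starts before these hunks and continues past them.

```c
	char *counter, *c1;
	uint8_t *numptr = NULL;
	/* … unchanged: number[] declaration, NULL check, scan loop, strncpy into number … */
				i = atoi(number);
				if (INVALID_OCTET(i)) {
					return -1;
				}
				switch (sep) {
				/* … unchanged: cases 0-3 pointing numptr at b1..b4 … */
				default:
					/* more than four separators: malformed entry */
					return -1;
				}
				*numptr = (uint8_t)i;
				/* … unchanged: sep++, c1 advance, break … */
```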