From a2911408959d7e86bc4bad4f1be2551a19ad125c Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Tue, 9 Apr 2024 13:18:12 +0200
Subject: [PATCH] xshared: Fix parsing of empty string arg in '-c' option

Calling iptables with '-c ""' resulted in a call to strchr() with an
invalid pointer as 'optarg + 1' points to past the buffer. The most
simple fix is to drop the offset: The global optstring part specifies a
single colon after 'c', so getopt() enforces a valid pointer in optarg.
If it contains a comma at first position, packet counter value parsing
will fail so all cases are covered.

Reported-by: gorbanev.es@gmail.com
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1741
Fixes: 60a6073690a45 ("Make --set-counters (-c) accept comma separated counters")
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 extensions/iptables.t | 5 +++++
 iptables/xshared.c    | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/extensions/iptables.t b/extensions/iptables.t
index b4b6d677..5d6d3d15 100644
--- a/extensions/iptables.t
+++ b/extensions/iptables.t
@@ -4,3 +4,8 @@
 -i eth+ -o alongifacename+;=;OK
 ! -i eth0;=;OK
 ! -o eth+;=;OK
+-c "";;FAIL
+-c ,3;;FAIL
+-c 3,;;FAIL
+-c ,;;FAIL
+-c 2,3 -j ACCEPT;-j ACCEPT;OK
diff --git a/iptables/xshared.c b/iptables/xshared.c
index b998dd75..b1997ea3 100644
--- a/iptables/xshared.c
+++ b/iptables/xshared.c
@@ -1755,7 +1755,7 @@ void do_parse(int argc, char *argv[],
 			set_option(&cs->options, OPT_COUNTERS, &args->invflags,
 				   invert);
 			args->pcnt = optarg;
-			args->bcnt = strchr(args->pcnt + 1, ',');
+			args->bcnt = strchr(args->pcnt, ',');
 			if (args->bcnt)
 			    args->bcnt++;
 			if (!args->bcnt && xs_has_arg(argc, argv))
-- 
2.43.4