Fixed commit made option checking overly strict: Some commands may be
commbined (foremost --list and --zero), reject a given option only if it
is not allowed by any of the given commands.
Reported-by: Adam Nielsen <a.nielsen@xxxxxxxxxxx>
Fixes: 9c09d28102bb4 ("xshared: Simplify generic_opt_check()")
Signed-off-by: Phil Sutter <phil@xxxxxx>
---
iptables/xshared.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/iptables/xshared.c b/iptables/xshared.c
index cdfd11ab2f279..fc61e0fd832bd 100644
--- a/iptables/xshared.c
+++ b/iptables/xshared.c
@@ -980,7 +980,7 @@ static void generic_opt_check(struct xt_cmd_parse_ops *ops,
*/
for (i = 0, optval = 1; i < NUMBER_OF_OPT; optval = (1 << ++i)) {
if ((options & optval) &&
- (options_v_commands[i] & command) != command)
+ !(options_v_commands[i] & command))
xtables_error(PARAMETER_PROBLEM,
"Illegal option `%s' with this command",
ops->option_name(optval));
--
2.49.0
