From d9eb4be3e43b3e43c2d3d029cadbd4af7af409bf Mon Sep 17 00:00:00 2001
From: hyunuktak
Date: Tue, 16 Oct 2018 15:02:58 +0900
Subject: [PATCH 1/1] Check insert option when iptables commit

Change-Id: Iabf6dfda8008ebe93ce81cf3bab07c2eaef7a99c
Signed-off-by: hyunuktak
---
 include/stc-manager.h | 1 +
 src/monitor/stc-monitor-proc.c | 1 -
 src/stc-firewall.c | 0
 src/stc-manager.c | 7 +++++++
 src/stc-restriction.c | 0
 5 files changed, 8 insertions(+), 1 deletion(-)
 mode change 100755 => 100644 src/stc-firewall.c
 mode change 100755 => 100644 src/stc-manager.c
 mode change 100755 => 100644 src/stc-restriction.c

diff --git a/include/stc-manager.h b/include/stc-manager.h
index 1658bc6..9496953 100644
--- a/include/stc-manager.h
+++ b/include/stc-manager.h
@@ -36,6 +36,7 @@
 #define STC_IPTABLES "/usr/sbin/iptables"
 #define STC_IP6TABLES "/usr/sbin/ip6tables"
+#define STC_CMD_INSERT "-I"
 #define STC_CMD_SIZE 256
 #define STC_DEBUG_LOG (stc_util_get_debuglog())
diff --git a/src/monitor/stc-monitor-proc.c b/src/monitor/stc-monitor-proc.c
index 8bd13a7..e3d2457 100755
--- a/src/monitor/stc-monitor-proc.c
+++ b/src/monitor/stc-monitor-proc.c
@@ -38,7 +38,6 @@ static void __proc_remove_pid(gpointer key, gpointer value,
 {
 stc_app_value_s *app_value = (stc_app_value_s *)value;
 remove_pid_context_s *context = (remove_pid_context_s *)data;
- guint pid_count = 0;
 if (!g_hash_table_remove(app_value->processes, GUINT_TO_POINTER(context->pid))) return;
diff --git a/src/stc-firewall.c b/src/stc-firewall.c
old mode 100755
new mode 100644
diff --git a/src/stc-manager.c b/src/stc-manager.c
old mode 100755
new mode 100644
index 7b4876a..a61a8ac
--- a/src/stc-manager.c
+++ b/src/stc-manager.c
@@ -178,6 +178,13 @@ int stc_commit_iptables(char *cmd, int *err_num, char **err_str)
 if (pid == 0) {
 errno = 0;
+
+ if (!g_strcmp0(args[1], STC_CMD_INSERT)) {
+ STC_LOGE("Invalid arguments");
+ g_strfreev(args);
+ exit(-1);
+ }
+
 if (execv(args[0], args) == -1) {
 STC_LOGE("Failed to execute [%s]", *err_str);
 g_strfreev(args);
diff --git a/src/stc-restriction.c b/src/stc-restriction.c
old mode 100755
new mode 100644
-- 
2.7.4
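Review bot: The added guard before `execv()` exits the child when `args[1]` equals `STC_CMD_INSERT` (`g_strcmp0()` returns 0 on a match), so as written `-I` commands are refused with "Invalid arguments"; if the commit means to permit only inserts the `!` is inverted, and in either case the policy deserves a comment such as `/* refuse insert requests: <reason> */`. The test covers a single argv position and a single spelling, and nothing visible in this hunk checks `args[0]` before it is executed, so an allow-list is sturdier: reject when `if (g_strcmp0(args[0], STC_IPTABLES) && g_strcmp0(args[0], STC_IP6TABLES))` holds, and compare the operation against an explicit list of permitted ones. Because the check sits after `fork()`, the parent learns of the rejection only through the child's exit status; validating before the fork would let the function report it through `err_num`, and inside the child `_exit(EXIT_FAILURE);` is safer than `exit(-1);`, which runs atexit handlers and flushes stdio buffers inherited from the parent. `stc_commit_iptables` starts and ends outside this hunk, so how `args` is built, and whether it always holds at least two elements, should be confirmed there.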