X-Git-Url: http://git.archive.openwrt.org/?p=project%2Ffirewall3.git;a=blobdiff_plain;f=zones.c;h=4c17c6800cc3d8738038800b8fbd8f8d8f2421a5;hp=979d150e56080719c67da43ef2029fc158c86c80;hb=4ecfb8f6fe4920fd1c6904b1ca8730e746111b00;hpb=f12271d15da3796c558b6649e97dad988ae2c057

diff --git a/zones.c b/zones.c
index 979d150..4c17c68 100644
--- a/zones.c
+++ b/zones.c
@@ -189,6 +189,14 @@ fw3_load_zones(struct fw3_state *state, struct uci_package *p)
 			continue;
 		}
 
+		if (strlen(zone->name) > FW3_ZONE_MAXNAMELEN)
+		{
+			warn_elem(e, "must not have a name longer than %u characters",
+			             FW3_ZONE_MAXNAMELEN);
+			fw3_free_zone(zone);
+			continue;
+		}
+
 		if (list_empty(&zone->networks) && list_empty(&zone->devices) &&
 		    list_empty(&zone->subnets) && !zone->extra_src)
 		{
@@ -574,7 +582,7 @@ fw3_flush_zones(struct fw3_ipt_handle *handle, struct fw3_state *state,
 		for (c = zone_chains; c->format; c++)
 		{
 			/* don't touch user chains on selective stop */
-			if (reload && hasbit(c->flag, FW3_FLAG_CUSTOM_CHAINS))
+			if (reload && c->flag == FW3_FLAG_CUSTOM_CHAINS)
 				continue;
 
 			if (!fw3_is_family(c, handle->family))
@@ -583,6 +591,9 @@ fw3_flush_zones(struct fw3_ipt_handle *handle, struct fw3_state *state,
 			if (c->table != handle->table)
 				continue;
 
+			if (c->flag && !has(z->flags, handle->family, c->flag))
+				continue;
+
 			snprintf(chain, sizeof(chain), c->format, z->name);
 			fw3_ipt_delete_rules(handle, chain);
 			fw3_ipt_delete_chain(handle, chain);