On Thu, Dec 12, 2019 at 06:45:35PM +0100, Phil Sutter wrote:
> Hi Pablo,
> 
> On Thu, Dec 12, 2019 at 06:14:55PM +0100, Pablo Neira Ayuso wrote:
> [...]
> > diff --git a/src/main.c b/src/main.c
> > index fde8b15c5870..c96953e3cd2f 100644
> > --- a/src/main.c
> > +++ b/src/main.c
> > @@ -202,29 +202,107 @@ static const struct {
> >  	},
> >  };
> >  
> > +struct nft_opts {
> > +	char		**argv;
> > +	int		argc;
> > +};
> > +
> > +static int nft_opts_init(int argc, char * const argv[], struct nft_opts *opts)
> > +{
> > +	uint32_t scope = 0;
> > +	char *new_argv;
> > +	int i;
> > +
> > +	opts->argv = calloc(argc + 1, sizeof(char *));
> > +	if (!opts->argv)
> > +		return -1;
> > +
> > +	for (i = 0; i < argc; i++) {
> > +		if (scope > 0) {
> > +			if (argv[i][0] == '-') {
> > +				new_argv = malloc(strlen(argv[i]) + 2);
> > +				if (!new_argv)
> > +					return -1;
> > +
> > +				sprintf(new_argv, "\\-%s", &argv[i][1]);
> > +				opts->argv[opts->argc++] = new_argv;
> > +				continue;
> > +			}
> > +		} else if (argv[i][0] == '{') {
> > +			scope++;
> > +		} else if (argv[i][0] == '}') {
> > +			scope--;
> > +		}
> 
> This first char check is not reliable, bison accepts commands which lack
> spaces in the relevant places:
> 
> | # nft add chain inet t c{ type filter hook input priority filter\; }
> | # echo $?
> | 0

Yes, it won't catch that case. Do you think it is worth going further
in this preprocessing?

Incremental patch on top of this one is attached to this email.