]> git.ipfire.org Git - thirdparty/nftables.git/commit
projects / thirdparty / nftables.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d03de76) | patch
segtree: wrong prefix expression length on interval_map_decompose()
authorPablo Neira Ayuso <pablo@netfilter.org>
Tue, 13 Dec 2016 00:17:52 +0000 (01:17 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Tue, 13 Dec 2016 00:28:02 +0000 (01:28 +0100)
commit043a272e887f17290efb4b5eda1f7b01b6bb2340
tree1c8bf34aff277b055c59287cba77992fbc7ca4f8tree
parentd03de764e498954a08251dee9e820347ad177970commit | diff
segtree: wrong prefix expression length on interval_map_decompose()

interval_map_decompose() sets expr->len to zero. This causes problems
from expr_to_intervals() that calls range_expr_value_high() and
calculates:

 expr->len - expr->prefix_len

this operation underflows, then mpz_init_bitmask() allocates a huge
bitmask.

Use expr_value(i)->len given that we already use this to calculate the
prefix length.

Reported-by: Richard Mörbitz <richard.moerbitz@tu-dresden.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
src/segtree.c diff | blob | blame | history
Mirror of git://git.netfilter.org/nftables