xt_ipv4options: fix an infinite loop
authorEivind Naess <eivnaes@yahoo.com>
Thu, 3 Nov 2011 16:28:46 +0000 (09:28 -0700)
committerJan Engelhardt <jengelh@medozas.de>
Sat, 5 Nov 2011 14:31:00 +0000 (15:31 +0100)
doc/changelog.txt
extensions/xt_ipv4options.c

index 3557175ecc94b769ce5efcc446c6cecdbeebd8a7..81fcbdceb5b5e0aebbf910b7929feab3dbc54000 100644 (file)
@@ -5,6 +5,7 @@ Fixes:
 - build: the code actually requires at least iptables 1.4.5 (would yield a
   compile error otherwise), make sure configure checks for it; update INSTALL
 - xt_ECHO: fix kernel warning about RTAX_HOPLIMIT being used
+- xt_ipv4options: fix an infinite loop
 Changes:
 - xt_ECHO: now calculates UDP checksum
 Enhancements:
index 42481f771503b39e081fad4572c4b3cb1a9f3761..5e9d34ceb13b4a5470d27d198e883cee09e99032 100644 (file)
@@ -20,6 +20,17 @@ static uint32_t ipv4options_rd(const uint8_t *data, int len)
        uint32_t opts = 0;
 
        while (len >= 2) {
+               switch (data[0]) {
+               case IPOPT_END:
+                       return opts;
+               case IPOPT_NOOP:
+                       --len;
+                       ++data;
+                       continue;
+               }
+
+               if (data[1] < 2 || data[1] > len)
+                       return opts;
                opts |= 1 << (data[0] & 0x1F);
                len  -= data[1];
                data += data[1];
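Review bot: The added guard `if (data[1] < 2 || data[1] > len) return opts;` stops on a malformed length but returns the partial mask exactly as the clean `IPOPT_END` case does, so the caller cannot tell a corrupt or truncated option list from a well-formed one, and any option placed after the bad one is never reported. Whether the match should treat such a packet differently depends on the caller, which is not visible here. At minimum the behaviour should be documented above the check, e.g. `/* malformed length: stop and report only the options seen so far */`, together with a short comment on the switch saying that IPOPT_END and IPOPT_NOOP are single-byte options with no length field. Separately, the unchanged `opts |= 1 << (data[0] & 0x1F);` shifts a signed int by up to 31 bits; `opts |= 1U << (data[0] & 0x1F);` avoids the signed overflow. ipv4options_rd starts above and continues below this hunk.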