]> git.ipfire.org Git - thirdparty/nftables.git/commitdiff
projects / thirdparty / nftables.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 25851df)
payload: assert when accessing inner transport header
authorPablo Neira Ayuso <pablo@netfilter.org>
Sun, 4 Jan 2015 22:22:57 +0000 (23:22 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Sun, 4 Jan 2015 22:27:00 +0000 (23:27 +0100)
Instead of segfaulting due to out of bound access access to protocol
context array ctx->protocol[base].location from proto_ctx_update().

 # nft add rule filter input ah nexthdr tcp
 nft: payload.c:88: payload_expr_pctx_update: Assertion `left->payload.base + 1 <= (__PROTO_BASE_MAX - 1)' failed.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
src/payload.c patch | blob | blame | history

diff --git a/src/payload.c b/src/payload.c
index 83742fb079fb021b10d0ca828d4342f9890d232e..08578fd86b22eb40d36910a7604751b193959ba2 100644 (file)
--- a/src/payload.c
+++ b/src/payload.c
@@ -85,6 +85,7 @@ static void payload_expr_pctx_update(struct proto_ctx *ctx,
        base = ctx->protocol[left->payload.base].desc;
        desc = proto_find_upper(base, proto);
 
+       assert(left->payload.base + 1 <= PROTO_BASE_MAX);
        proto_ctx_update(ctx, left->payload.base + 1, &expr->location, desc);
 }
 
Mirror of git://git.netfilter.org/nftables