From: Phil Sutter <phil@nwl.cc>
Date: Fri, 11 Jun 2021 15:08:34 +0000 (+0200)
Subject: rule: Fix for potential off-by-one in cmd_add_loc()
X-Git-Tag: v1.0.0~68
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2d0a7a9adeb30708d6fbbee57476c0d4b9214dbd;p=thirdparty%2Fnftables.git

rule: Fix for potential off-by-one in cmd_add_loc()

Using num_attrs as index means it must be at max one less than the
array's size at function start.

Fixes: 27362a5bfa433 ("rule: larger number of error locations")
Signed-off-by: Phil Sutter <phil@nwl.cc>
---

diff --git a/src/rule.c b/src/rule.c
index dbbe744e..92daf2f3 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -1275,7 +1275,7 @@ struct cmd *cmd_alloc(enum cmd_ops op, enum cmd_obj obj,
 
 void cmd_add_loc(struct cmd *cmd, uint16_t offset, const struct location *loc)
 {
-	if (cmd->num_attrs > NFT_NLATTR_LOC_MAX)
+	if (cmd->num_attrs >= NFT_NLATTR_LOC_MAX)
 		return;
 
 	cmd->attr[cmd->num_attrs].offset = offset;