From: Phil Sutter <phil@nwl.cc>
Date: Mon, 10 Sep 2018 21:35:15 +0000 (+0200)
Subject: ebtables: Fix for potential array boundary overstep
X-Git-Tag: v1.8.1~46
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=bfd41c8d99a54769678e0c66d55797082bf1edd3;p=thirdparty%2Fiptables.git

ebtables: Fix for potential array boundary overstep

Fix the parameter check in nft_ebt_standard_target() to avoid an array
out of bounds access in ebt_standard_targets.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
---

diff --git a/iptables/nft-bridge.h b/iptables/nft-bridge.h
index 1fe26bab..9d49ccbe 100644
--- a/iptables/nft-bridge.h
+++ b/iptables/nft-bridge.h
@@ -78,7 +78,7 @@ static const char *ebt_standard_targets[NUM_STANDARD_TARGETS] = {
 
 static inline const char *nft_ebt_standard_target(unsigned int num)
 {
-	if (num > NUM_STANDARD_TARGETS)
+	if (num >= NUM_STANDARD_TARGETS)
 		return NULL;
 
 	return ebt_standard_targets[num];