From: Florian Westphal
Date: Thu, 15 Feb 2018 14:26:31 +0000 (+0100)
Subject: payload: don't decode past last valid template
X-Git-Tag: v0.8.3~36
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d9428e67fca288e4f34dbb6c0dfe42ebc48c9ad1;p=thirdparty%2Fnftables.git

payload: don't decode past last valid template

When trying to decode payload header fields, be sure to bail out when having exhausted all available templates. Otherwise, we allocate invalid payload expressions (no datatype, header length of 0) and then crash when trying to print them.

Fixes: https://bugzilla.netfilter.org/show_bug.cgi?id=1226
Signed-off-by: Florian Westphal
Acked-by: Pablo Neira Ayuso
---
diff --git a/src/payload.c b/src/payload.c index 6e762ff3..7ca170ed 100644 --- a/src/payload.c +++ b/src/payload.c @@ -662,6 +662,10 @@ void payload_expr_expand(struct list_head *list, struct expr *expr, for (i = 1; i < array_size(desc->templates); i++) { tmpl = &desc->templates[i]; + + if (tmpl->len == 0) + break; + if (tmpl->offset != expr->payload.offset) continue;
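
Review bot: The new `if (tmpl->len == 0) break;` at the top of the loop in payload_expr_expand() treats a zero-length entry as the end-of-templates marker, but nothing in the hunk documents that convention. Please add a one-line comment stating that unused slots of desc->templates are zero-filled and that valid templates are contiguous from index 1, since `break` (unlike `continue`) stops the scan at the first empty slot and would hide any template defined after a gap. The loop bound is still array_size(desc->templates), so the sentinel check is the only thing separating valid from empty entries here; a regression test with the input from bugzilla 1226 would keep this from silently returning, as the patch only touches src/payload.c.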