]> git.ipfire.org Git - thirdparty/iptables.git/commit
projects / thirdparty / iptables.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d95c1e8) | patch
xtables: Don't read garbage in nft_ipv4_parse_payload()
authorPhil Sutter <phil@nwl.cc>
Wed, 19 Sep 2018 13:17:06 +0000 (15:17 +0200)
committerFlorian Westphal <fw@strlen.de>
Mon, 24 Sep 2018 09:50:00 +0000 (11:50 +0200)
commit11e91a4875b443450dc08951efd6a595d3f5df2e
treee7d0caf1ee115b4346c78e876fad179780eafb9btree | snapshot
parentd95c1e8b65c4ec66b8fcd2f7ede257853a888750commit | diff
xtables: Don't read garbage in nft_ipv4_parse_payload()

The problem here is that get_frag() does not set 'inv' in any case, so
when later checking its value, garbage may be read. Sanitize this case
by setting 'inv' to false before calling get_frag().

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
iptables/nft-ipv4.c diff | blob | blame | history
Mirror of git://git.netfilter.org/iptables