[IPTABLES,IP6TABLES]: check invalid esp spi range

diff --git a/extensions/libip6t_esp.c b/extensions/libip6t_esp.c
index 29e865d40b3cd5d20dac76e0fa68df189f3e137c..886e09b335cbf24a20d361544e86466404c2f504 100644 (file)
--- a/extensions/libip6t_esp.c
+++ b/extensions/libip6t_esp.c
@@ -61,6 +61,9 @@ parse_esp_spis(const char *spistring, u_int32_t *spis)
 
                spis[0] = buffer[0] ? parse_esp_spi(buffer) : 0;
                spis[1] = cp[0] ? parse_esp_spi(cp) : 0xFFFFFFFF;
+               if (spis[0] > spis[1])
+                       exit_error(PARAMETER_PROBLEM,
+                                  "Invalid ESP spi range: %s", spistring);
        }
        free(buffer);
 }

diff --git a/extensions/libipt_esp.c b/extensions/libipt_esp.c
index 4abfba307a0281b9f588edaae3441db0d874a095..21e912b7b04f5c6fbbee1803c38ce72afe180f37 100644 (file)
--- a/extensions/libipt_esp.c
+++ b/extensions/libipt_esp.c
@@ -62,6 +62,9 @@ parse_esp_spis(const char *spistring, u_int32_t *spis)
 
                spis[0] = buffer[0] ? parse_esp_spi(buffer) : 0;
                spis[1] = cp[0] ? parse_esp_spi(cp) : 0xFFFFFFFF;
+               if (spis[0] > spis[1])
+                       exit_error(PARAMETER_PROBLEM,
+                                  "Invalid ESP spi range: %s", spistring);
        }
        free(buffer);
 }