]> git.ipfire.org Git - thirdparty/libnftnl.git/commitdiff
projects / thirdparty / libnftnl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d29f082)
expr/ct: prevent array index overrun in ctkey2str()
authorPhil Sutter <phil@nwl.cc>
Thu, 11 Aug 2016 23:33:35 +0000 (01:33 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Thu, 11 Aug 2016 23:45:40 +0000 (01:45 +0200)
The array has NFT_CT_MAX fields, so indices must be less than that
number.

Fixes: 977b7a1dbe1bd ("ct: xml: use key names instead of numbers")
Cc: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
src/expr/ct.c patch | blob | blame | history

diff --git a/src/expr/ct.c b/src/expr/ct.c
index 7d96df4e1d5b0032cffe1f17fe892f0e50481bfb..1a53b49fde0ad97c8f588e7d4ac4f7d2c75e988c 100644 (file)
--- a/src/expr/ct.c
+++ b/src/expr/ct.c
@@ -173,7 +173,7 @@ static const char *ctkey2str_array[NFT_CT_MAX] = {
 
 static const char *ctkey2str(uint32_t ctkey)
 {
-       if (ctkey > NFT_CT_MAX)
+       if (ctkey >= NFT_CT_MAX)
                return "unknown";
 
        return ctkey2str_array[ctkey];
Mirror of https://git.netfilter.org/libnftnl