extensions: libxt_tcpmss: Detect invalid ranges

Previously, an MSS range of e.g. 65535:1000 was silently accepted but
would then never match a packet since the kernel checks whether the MSS
value is greater than or equal to the first *and* less than or equal to
the second value.

Detect this as a parameter problem and update the man page accordingly.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/extensions/libxt_tcpmss.c b/extensions/libxt_tcpmss.c
index c7c59717162946c333b71675c75eb7fd5cf62915..bcd357aa3d8e293b0f183c21925dadacf20c6066 100644 (file)
--- a/extensions/libxt_tcpmss.c
+++ b/extensions/libxt_tcpmss.c
@@ -27,8 +27,12 @@ static void tcpmss_parse(struct xt_option_call *cb)
        xtables_option_parse(cb);
        mssinfo->mss_min = cb->val.u16_range[0];
        mssinfo->mss_max = mssinfo->mss_min;
-       if (cb->nvals == 2)
+       if (cb->nvals == 2) {
                mssinfo->mss_max = cb->val.u16_range[1];
+               if (mssinfo->mss_max < mssinfo->mss_min)
+                       xtables_error(PARAMETER_PROBLEM,
+                                     "tcpmss: invalid range given");
+       }
        if (cb->invert)
                mssinfo->invert = 1;
 }

diff --git a/extensions/libxt_tcpmss.man b/extensions/libxt_tcpmss.man
index 8ee715cdbfb07dfa5e8ba4ff235eca26ceb13e7a..8253c363418f818aa5350876a6f7ab9ca3e47a5e 100644 (file)
--- a/extensions/libxt_tcpmss.man
+++ b/extensions/libxt_tcpmss.man
@@ -1,4 +1,4 @@
 This matches the TCP MSS (maximum segment size) field of the TCP header.  You can only use this on TCP SYN or SYN/ACK packets, since the MSS is only negotiated during the TCP handshake at connection startup time.
 .TP
 [\fB!\fP] \fB\-\-mss\fP \fIvalue\fP[\fB:\fP\fIvalue\fP]
-Match a given TCP MSS value or range.
+Match a given TCP MSS value or range. If a range is given, the second \fIvalue\fP must be greater than or equal to the first \fIvalue\fP.