From: Yasuyuki KOZAKAI <yasuyuki@netfilter.org>
Date: Sat, 15 Apr 2006 03:11:15 +0000 (+0000)
Subject: [IPTABLES,IP6TABLES]: check invalid esp spi range
X-Git-Tag: v1.3.6~40
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2c627cf60cfb1a4e67aea1b2333f2a11e23fecd8;p=thirdparty%2Fiptables.git

[IPTABLES,IP6TABLES]: check invalid esp spi range
---

diff --git a/extensions/libip6t_esp.c b/extensions/libip6t_esp.c
index 29e865d4..886e09b3 100644
--- a/extensions/libip6t_esp.c
+++ b/extensions/libip6t_esp.c
@@ -61,6 +61,9 @@ parse_esp_spis(const char *spistring, u_int32_t *spis)
 
 		spis[0] = buffer[0] ? parse_esp_spi(buffer) : 0;
 		spis[1] = cp[0] ? parse_esp_spi(cp) : 0xFFFFFFFF;
+		if (spis[0] > spis[1])
+			exit_error(PARAMETER_PROBLEM,
+				   "Invalid ESP spi range: %s", spistring);
 	}
 	free(buffer);
 }
diff --git a/extensions/libipt_esp.c b/extensions/libipt_esp.c
index 4abfba30..21e912b7 100644
--- a/extensions/libipt_esp.c
+++ b/extensions/libipt_esp.c
@@ -62,6 +62,9 @@ parse_esp_spis(const char *spistring, u_int32_t *spis)
 
 		spis[0] = buffer[0] ? parse_esp_spi(buffer) : 0;
 		spis[1] = cp[0] ? parse_esp_spi(cp) : 0xFFFFFFFF;
+		if (spis[0] > spis[1])
+			exit_error(PARAMETER_PROBLEM,
+				   "Invalid ESP spi range: %s", spistring);
 	}
 	free(buffer);
 }