git.ipfire.org Git - thirdparty/linux.git/commit
netfilter: ip6t_rt: reject oversized addrnr in rt_mt6_check()
author: Ren Wei <n05ec@lzu.edu.cn>
Wed, 25 Mar 2026 13:11:00 +0000 (14:11 +0100)
committer: Pablo Neira Ayuso <pablo@netfilter.org>
Thu, 26 Mar 2026 12:18:31 +0000 (13:18 +0100)
commit: 9d3f027327c2fa265f7f85ead41294792c3296ed
tree: 0a56e2ec25d1668f117b63decfd0bbdc7ebb99a9
parent: 52025ebaa29f4eb4ed8bf92ce83a68f24ab7fdf7
netfilter: ip6t_rt: reject oversized addrnr in rt_mt6_check()

Reject rt match rules whose addrnr exceeds IP6T_RT_HOPS.

rt_mt6() expects addrnr to stay within the bounds of rtinfo->addrs[].
Validate addrnr during rule installation so malformed rules are rejected
before the match logic can use an out-of-range value.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Reported-by: Yifan Wu <yifanwucs@gmail.com>
Reported-by: Juefei Pu <tomapufckgml@gmail.com>
Co-developed-by: Yuan Tan <yuantan098@gmail.com>
Signed-off-by: Yuan Tan <yuantan098@gmail.com>
Suggested-by: Xin Liu <bird@lzu.edu.cn>
Tested-by: Yuhang Zheng <z1652074432@gmail.com>
Signed-off-by: Ren Wei <n05ec@lzu.edu.cn>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/ipv6/netfilter/ip6t_rt.c
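
An added illustration of the install-time check the commit message describes, written as a user-space C model; it is not the kernel patch or the project's code. The struct and the functions rule_check(), rule_match() and rule_install() are hypothetical names, and the address slots are simplified to raw 16-byte arrays.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IP6T_RT_HOPS 16 /* name from the page; value restated so the model is self-contained */

/* Hypothetical stand-in for the rule data: only the fields the check needs. */
struct rt_rule_model {
    uint8_t addrs[IP6T_RT_HOPS][16]; /* one 128-bit address per slot */
    uint8_t addrnr;                  /* slots the rule claims to use; caller-supplied */
};

/* Install-time validation: runs once, before the rule can ever see a packet. */
static int rule_check(const struct rt_rule_model *r)
{
    if (r->addrnr > IP6T_RT_HOPS)
        return -EINVAL; /* count would walk past the end of addrs[] */
    return 0;
}

/* Match-time loop: trusts addrnr, so it is only safe on rules that passed rule_check(). */
static int rule_match(const struct rt_rule_model *r, const uint8_t *hops, unsigned int nhops)
{
    for (unsigned int i = 0; i < r->addrnr; i++) {
        if (i >= nhops || memcmp(r->addrs[i], hops + 16 * i, 16) != 0)
            return 0;
    }
    return 1;
}

/* Copy a candidate rule into the active slot only if it validates. */
static int rule_install(struct rt_rule_model *slot, const struct rt_rule_model *candidate)
{
    int err = rule_check(candidate);
    if (err)
        return err;
    *slot = *candidate;
    return 0;
}

int main(void)
{
    struct rt_rule_model slot = {0}, bad = {0};
    bad.addrnr = IP6T_RT_HOPS + 1; /* constructed malformed rule */
    printf("install oversized rule: %d\n", rule_install(&slot, &bad));
    printf("empty rule matches: %d\n", rule_match(&slot, NULL, 0));
    return 0;
}
```

The boundary value addrnr == IP6T_RT_HOPS is accepted because it still indexes only the last valid slot; anything larger is refused before the match loop can run on it.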