31 lines
936 B
Diff
31 lines
936 B
Diff
From bfd41c8d99a54769678e0c66d55797082bf1edd3 Mon Sep 17 00:00:00 2001
|
|
From: Phil Sutter <phil@nwl.cc>
|
|
Date: Mon, 10 Sep 2018 23:35:15 +0200
|
|
Subject: ebtables: Fix for potential array boundary overstep
|
|
|
|
Fix the parameter check in nft_ebt_standard_target() to avoid an array
|
|
out of bounds access in ebt_standard_targets.
|
|
|
|
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
|
Signed-off-by: Florian Westphal <fw@strlen.de>
|
|
---
|
|
iptables/nft-bridge.h | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/iptables/nft-bridge.h b/iptables/nft-bridge.h
|
|
index 1fe26bab..9d49ccbe 100644
|
|
--- a/iptables/nft-bridge.h
|
|
+++ b/iptables/nft-bridge.h
|
|
@@ -78,7 +78,7 @@ static const char *ebt_standard_targets[NUM_STANDARD_TARGETS] = {
|
|
|
|
static inline const char *nft_ebt_standard_target(unsigned int num)
|
|
{
|
|
- if (num > NUM_STANDARD_TARGETS)
|
|
+ if (num >= NUM_STANDARD_TARGETS)
|
|
return NULL;
|
|
|
|
return ebt_standard_targets[num];
|
|
--
|
|
cgit v1.2.1
|
|
|