From 38a46caa55ffe1ffee662503ac8abb57522baaa3 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Tue, 18 Aug 2015 18:51:50 +0200
Subject: conntrackd: fix sanitization of expection attribute in the wire
 format

The maximum number of attribute is NTA_EXP_MAX for expectation sync messages.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/parse.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/parse.c b/src/parse.c
index f3ec6ac..878e354 100644
--- a/src/parse.c
+++ b/src/parse.c
@@ -510,7 +510,7 @@ int msg2exp(struct nf_expect *exp, struct nethdr *net, size_t remain)
 		ATTR_NETWORK2HOST(attr);
 		if (attr->nta_len > len)
 			goto err;
-		if (attr->nta_attr > NTA_MAX)
+		if (attr->nta_attr >= NTA_EXP_MAX)
 			goto err;
 		if (attr->nta_len < NTA_LENGTH(0))
 			goto err;
-- 
cgit v1.2.3