diff options
author | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=yasuyuki/emailAddress=yasuyuki@netfilter.org </C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=yasuyuki/emailAddress=yasuyuki@netfilter.org> | 2006-04-15 03:11:15 +0000 |
---|---|---|
committer | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=yasuyuki/emailAddress=yasuyuki@netfilter.org </C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=yasuyuki/emailAddress=yasuyuki@netfilter.org> | 2006-04-15 03:11:15 +0000 |
commit | bfb6c20f3c3ad5746bdea4a2593f03fd5afbacc4 (patch) | |
tree | 24e2c7a4b15b71885a0d2288ac9757a06e18f239 /extensions | |
parent | 2dfe0f2daaae4cd97075d2a03a8830d1814ec2f3 (diff) |
[IPTABLES,IP6TABLES]: check invalid esp spi range
Diffstat (limited to 'extensions')
-rw-r--r-- | extensions/libip6t_esp.c | 3 | ||||
-rw-r--r-- | extensions/libipt_esp.c | 3 |
2 files changed, 6 insertions, 0 deletions
diff --git a/extensions/libip6t_esp.c b/extensions/libip6t_esp.c index 29e865d..886e09b 100644 --- a/extensions/libip6t_esp.c +++ b/extensions/libip6t_esp.c @@ -61,6 +61,9 @@ parse_esp_spis(const char *spistring, u_int32_t *spis) spis[0] = buffer[0] ? parse_esp_spi(buffer) : 0; spis[1] = cp[0] ? parse_esp_spi(cp) : 0xFFFFFFFF; + if (spis[0] > spis[1]) + exit_error(PARAMETER_PROBLEM, + "Invalid ESP spi range: %s", spistring); } free(buffer); } diff --git a/extensions/libipt_esp.c b/extensions/libipt_esp.c index 4abfba3..21e912b 100644 --- a/extensions/libipt_esp.c +++ b/extensions/libipt_esp.c @@ -62,6 +62,9 @@ parse_esp_spis(const char *spistring, u_int32_t *spis) spis[0] = buffer[0] ? parse_esp_spi(buffer) : 0; spis[1] = cp[0] ? parse_esp_spi(cp) : 0xFFFFFFFF; + if (spis[0] > spis[1]) + exit_error(PARAMETER_PROBLEM, + "Invalid ESP spi range: %s", spistring); } free(buffer); } |