check for invalid port ranges (Thomas Poehnitz)

4 files changed, 16 insertions, 0 deletions

diff --git a/extensions/libip6t_tcp.c b/extensions/libip6t_tcp.c
index 8e54dc44..1bf1d198 100644
--- a/extensions/libip6t_tcp.c
+++ b/extensions/libip6t_tcp.c
@@ -77,6 +77,10 @@ parse_tcp_ports(const char *portstring, u_int16_t *ports)
 
 		ports[0] = buffer[0] ? parse_tcp_port(buffer) : 0;
 		ports[1] = cp[0] ? parse_tcp_port(cp) : 0xFFFF;
+		
+		if (ports[0] > ports[1])
+			exit_error(PARAMETER_PROBLEM, 
+				   "invalid portrange (min > max)");
 	}
 	free(buffer);
 }
diff --git a/extensions/libip6t_udp.c b/extensions/libip6t_udp.c
index fb0505e8..a2e2fe64 100644
--- a/extensions/libip6t_udp.c
+++ b/extensions/libip6t_udp.c
@@ -69,6 +69,10 @@ parse_udp_ports(const char *portstring, u_int16_t *ports)
 
 		ports[0] = buffer[0] ? parse_udp_port(buffer) : 0;
 		ports[1] = cp[0] ? parse_udp_port(cp) : 0xFFFF;
+
+		if (ports[0] > ports[1])
+			exit_error(PARAMETER_PROBLEM,
+				   "invalid portrange (min > max)");
 	}
 	free(buffer);
 }
diff --git a/extensions/libipt_tcp.c b/extensions/libipt_tcp.c
index acf60501..1ff8f12e 100644
--- a/extensions/libipt_tcp.c
+++ b/extensions/libipt_tcp.c
@@ -77,6 +77,10 @@ parse_tcp_ports(const char *portstring, u_int16_t *ports)
 
 		ports[0] = buffer[0] ? parse_tcp_port(buffer) : 0;
 		ports[1] = cp[0] ? parse_tcp_port(cp) : 0xFFFF;
+
+		if (ports[0] > ports[1])
+			exit_error(PARAMETER_PROBLEM,
+				   "invalid portrange (min > max)");
 	}
 	free(buffer);
 }
diff --git a/extensions/libipt_udp.c b/extensions/libipt_udp.c
index 622fb436..ccea2105 100644
--- a/extensions/libipt_udp.c
+++ b/extensions/libipt_udp.c
@@ -69,6 +69,10 @@ parse_udp_ports(const char *portstring, u_int16_t *ports)
 
 		ports[0] = buffer[0] ? parse_udp_port(buffer) : 0;
 		ports[1] = cp[0] ? parse_udp_port(cp) : 0xFFFF;
+
+		if (ports[0] > ports[1])
+			exit_error(PARAMETER_PROBLEM,
+				   "invalid portrange (min > max)");
 	}
 	free(buffer);
 }