diff options
author | Phil Sutter <phil@nwl.cc> | 2018-09-10 23:35:15 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2018-09-13 10:47:59 +0200 |
commit | bfd41c8d99a54769678e0c66d55797082bf1edd3 (patch) | |
tree | 2b4a5533b97f4d073c9931bc81ae65117226bf32 /iptables/nft-bridge.h | |
parent | e6f986762667ee2b2d61e7978d460f28916158a3 (diff) |
ebtables: Fix for potential array boundary overstep
Fix the parameter check in nft_ebt_standard_target() to avoid an array
out of bounds access in ebt_standard_targets.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'iptables/nft-bridge.h')
-rw-r--r-- | iptables/nft-bridge.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/iptables/nft-bridge.h b/iptables/nft-bridge.h index 1fe26bab..9d49ccbe 100644 --- a/iptables/nft-bridge.h +++ b/iptables/nft-bridge.h @@ -78,7 +78,7 @@ static const char *ebt_standard_targets[NUM_STANDARD_TARGETS] = { static inline const char *nft_ebt_standard_target(unsigned int num) { - if (num > NUM_STANDARD_TARGETS) + if (num >= NUM_STANDARD_TARGETS) return NULL; return ebt_standard_targets[num]; |