diff options
author | Jan Engelhardt <jengelh@medozas.de> | 2011-08-01 20:22:04 +0200 |
---|---|---|
committer | Jan Engelhardt <jengelh@medozas.de> | 2011-08-01 20:28:14 +0200 |
commit | 43896add0eb9c6bc94b7323e76f137d402e0f7fe (patch) | |
tree | 282cbdf953a0a844c202dd0a5edc50eac5bc2de1 /iptables/xtoptions.c | |
parent | 41a9b481693b4c43c16d0588cc558dd455168af0 (diff) |
build: strengthen check for overlong lladdr components
ethermac[i] > UINT8_MAX is quite pointless, because ethermac[i] is
just uint8_t. To catch values that are not in the range "00"-"ff", use
a string length check (end-arg>2). I am willingly using 2 there,
because no one is going to specify an Ethernet LL address as
"0x00:0x24:0xbe:0xc2:0x7f:0x16" -- because it is always interpreted as
hexadecimal anyway even without the 0x prefix.
xtoptions.c: In function "xtopt_parse_ethermac":
xtoptions.c:760:3: warning: comparison is always false due to limited range of data type
xtoptions.c:766:2: warning: comparison is always false due to limited range of data type
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Diffstat (limited to 'iptables/xtoptions.c')
-rw-r--r-- | iptables/xtoptions.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/iptables/xtoptions.c b/iptables/xtoptions.c index 1423724b..7095e3ea 100644 --- a/iptables/xtoptions.c +++ b/iptables/xtoptions.c @@ -757,13 +757,13 @@ static void xtopt_parse_ethermac(struct xt_option_call *cb) for (i = 0; i < ARRAY_SIZE(cb->val.ethermac) - 1; ++i) { cb->val.ethermac[i] = strtoul(arg, &end, 16); - if (cb->val.ethermac[i] > UINT8_MAX || *end != ':') + if (*end != ':' || end - arg > 2) goto out; arg = end + 1; } i = ARRAY_SIZE(cb->val.ethermac) - 1; cb->val.ethermac[i] = strtoul(arg, &end, 16); - if (cb->val.ethermac[i] > UINT8_MAX || *end != '\0') + if (*end != '\0' || end - arg > 2) goto out; if (cb->entry->flags & XTOPT_PUT) memcpy(XTOPT_MKPTR(cb), cb->val.ethermac, |