libxtables: Reject negative port ranges

Analogous to XTTYPE_UINT*RC value parsing, assert consecutive port values are not lower than previous ones. Signed-off-by: Phil Sutter <phil@nwl.cc>
author: Phil Sutter <phil@nwl.cc> 2024-01-25 18:14:23 +0100
committer: Phil Sutter <phil@nwl.cc> 2024-02-02 18:26:14 +0100
commit: 9d41421a887f4bc4b3ba10174cf43ee2c6b76956 (patch)
tree: e55bad97d6fdcd59ff83be8e045d92c0f978345b /libxtables/xtoptions.c
parent: 30a7f11234a81bd2389c7e7224769b1fdd192239 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/libxtables/xtoptions.c b/libxtables/xtoptions.c
index cecf7d35..0a995a63 100644
--- a/libxtables/xtoptions.c
+++ b/libxtables/xtoptions.c
@@ -604,7 +604,7 @@ static void xtopt_parse_mport(struct xt_option_call *cb)
 	const struct xt_option_entry *entry = cb->entry;
 	char *lo_arg, *wp_arg, *arg;
 	unsigned int maxiter;
-	int value;
+	int value, prev = 0;
 
 	wp_arg = lo_arg = xtables_strdup(cb->arg);
 
@@ -634,6 +634,11 @@ static void xtopt_parse_mport(struct xt_option_call *cb)
 			xt_params->exit_err(PARAMETER_PROBLEM,
 				"Port \"%s\" does not resolve to "
 				"anything.\n", arg);
+		if (value < prev)
+			xt_params->exit_err(PARAMETER_PROBLEM,
+				"Port range %d-%d is negative.\n",
+				prev, value);
+		prev = value;
 		if (entry->flags & XTOPT_NBO)
 			value = htons(value);
 		if (cb->nvals < ARRAY_SIZE(cb->val.port_range))
author	Phil Sutter <phil@nwl.cc>	2024-01-25 18:14:23 +0100
committer	Phil Sutter <phil@nwl.cc>	2024-02-02 18:26:14 +0100
commit	9d41421a887f4bc4b3ba10174cf43ee2c6b76956 (patch)
tree	e55bad97d6fdcd59ff83be8e045d92c0f978345b /libxtables/xtoptions.c
parent	30a7f11234a81bd2389c7e7224769b1fdd192239 (diff)