From dbbab0aa328f136502373a1031e64eb53fa113e5 Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Mon, 9 Oct 2017 15:47:39 +0200
Subject: extensions: libxt_tcpmss: Detect invalid ranges

Previously, an MSS range of e.g. 65535:1000 was silently accepted but
would then never match a packet since the kernel checks whether the MSS
value is greater than or equal to the first *and* less than or equal to
the second value.

Detect this as a parameter problem and update the man page accordingly.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 extensions/libxt_tcpmss.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'extensions/libxt_tcpmss.c')

diff --git a/extensions/libxt_tcpmss.c b/extensions/libxt_tcpmss.c
index c7c59717..bcd357aa 100644
--- a/extensions/libxt_tcpmss.c
+++ b/extensions/libxt_tcpmss.c
@@ -27,8 +27,12 @@ static void tcpmss_parse(struct xt_option_call *cb)
 	xtables_option_parse(cb);
 	mssinfo->mss_min = cb->val.u16_range[0];
 	mssinfo->mss_max = mssinfo->mss_min;
-	if (cb->nvals == 2)
+	if (cb->nvals == 2) {
 		mssinfo->mss_max = cb->val.u16_range[1];
+		if (mssinfo->mss_max < mssinfo->mss_min)
+			xtables_error(PARAMETER_PROBLEM,
+				      "tcpmss: invalid range given");
+	}
 	if (cb->invert)
 		mssinfo->invert = 1;
 }
-- 
cgit v1.2.3