From cca54d5e9c3f436cd85bc55415c08bf671bfefe6 Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Fri, 12 Aug 2016 01:33:35 +0200
Subject: expr/ct: prevent array index overrun in ctkey2str()

The array has NFT_CT_MAX fields, so indices must be less than that
number.

Fixes: 977b7a1dbe1bd ("ct: xml: use key names instead of numbers")
Cc: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/expr/ct.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/expr/ct.c b/src/expr/ct.c
index 7d96df4..1a53b49 100644
--- a/src/expr/ct.c
+++ b/src/expr/ct.c
@@ -173,7 +173,7 @@ static const char *ctkey2str_array[NFT_CT_MAX] = {
 
 static const char *ctkey2str(uint32_t ctkey)
 {
-	if (ctkey > NFT_CT_MAX)
+	if (ctkey >= NFT_CT_MAX)
 		return "unknown";
 
 	return ctkey2str_array[ctkey];
-- 
cgit v1.2.3