authorPablo Neira Ayuso <pablo@netfilter.org>2015-01-04 23:22:57 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2015-01-04 23:27:00 +0100
commitc8eeefb1d33c989493bf526a53a56f1f92fb87e3 (patch)
tree2211776d75e43671a454536d633da48896fd4dca /src/payload.c
parent25851df85e85d91469ce7aa03f1eaaa5ff2c9245 (diff)
payload: assert when accessing inner transport header
Instead of segfaulting due to an out-of-bounds access to the protocol context array ctx->protocol[base].location from proto_ctx_update(). # nft add rule filter input ah nexthdr tcp nft: payload.c:88: payload_expr_pctx_update: Assertion `left->payload.base + 1 <= (__PROTO_BASE_MAX - 1)' failed. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/payload.c')
-rw-r--r--src/payload.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/src/payload.c b/src/payload.c
index 83742fb0..08578fd8 100644
--- a/src/payload.c
+++ b/src/payload.c
@@ -85,6 +85,7 @@ static void payload_expr_pctx_update(struct proto_ctx *ctx,
base = ctx->protocol[left->payload.base].desc;
desc = proto_find_upper(base, proto);
+ assert(left->payload.base + 1 <= PROTO_BASE_MAX);
proto_ctx_update(ctx, left->payload.base + 1, &expr->location, desc);
}
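Review bot: The added `assert(left->payload.base + 1 <= PROTO_BASE_MAX);` is the only bound on the index passed to `proto_ctx_update()`, and it is compiled out when the build defines `NDEBUG`, so such a build would still index past `ctx->protocol[]` on the rule shown in the commit message. That rule is ordinary user input, so even with assertions enabled the tool aborts instead of rejecting the expression with an error message. `payload_expr_pctx_update()` returns void and begins outside this hunk, so a proper rejection would have to come from the evaluation step that calls it. Until then, the line deserves a comment such as `/* no protocol context slot above the transport header; unsupported input must not reach proto_ctx_update() */`. The bound assumes `ctx->protocol[]` has at least `PROTO_BASE_MAX + 1` entries, which this hunk does not show.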