diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-01-04 23:22:57 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-01-04 23:27:00 +0100 |
commit | c8eeefb1d33c989493bf526a53a56f1f92fb87e3 (patch) | |
tree | 2211776d75e43671a454536d633da48896fd4dca /src | |
parent | 25851df85e85d91469ce7aa03f1eaaa5ff2c9245 (diff) |
payload: assert when accessing inner transport header
Instead of segfaulting due to out of bound access access to protocol
context array ctx->protocol[base].location from proto_ctx_update().
# nft add rule filter input ah nexthdr tcp
nft: payload.c:88: payload_expr_pctx_update: Assertion `left->payload.base + 1 <= (__PROTO_BASE_MAX - 1)' failed.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/payload.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/payload.c b/src/payload.c index 83742fb0..08578fd8 100644 --- a/src/payload.c +++ b/src/payload.c @@ -85,6 +85,7 @@ static void payload_expr_pctx_update(struct proto_ctx *ctx, base = ctx->protocol[left->payload.base].desc; desc = proto_find_upper(base, proto); + assert(left->payload.base + 1 <= PROTO_BASE_MAX); proto_ctx_update(ctx, left->payload.base + 1, &expr->location, desc); } |