From c8eeefb1d33c989493bf526a53a56f1f92fb87e3 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Sun, 4 Jan 2015 23:22:57 +0100
Subject: payload: assert when accessing inner transport header
Instead of segfaulting due to out of bound access access to protocol context array ctx->protocol[base].location from proto_ctx_update().
# nft add rule filter input ah nexthdr tcp
nft: payload.c:88: payload_expr_pctx_update: Assertion `left->payload.base + 1 <= (__PROTO_BASE_MAX - 1)' failed.
Signed-off-by: Pablo Neira Ayuso
---
 src/payload.c | 1 +
 1 file changed, 1 insertion(+) (limited to 'src/payload.c')
diff --git a/src/payload.c b/src/payload.c
index 83742fb0..08578fd8 100644
--- a/src/payload.c
+++ b/src/payload.c
@@ -85,6 +85,7 @@ static void payload_expr_pctx_update(struct proto_ctx *ctx,
 base = ctx->protocol[left->payload.base].desc;
 desc = proto_find_upper(base, proto);
+ assert(left->payload.base + 1 <= PROTO_BASE_MAX);
 proto_ctx_update(ctx, left->payload.base + 1, &expr->location, desc);
 }
-- 
cgit v1.2.3
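Review bot: The added `assert(left->payload.base + 1 <= PROTO_BASE_MAX);` is the only bounds check before `proto_ctx_update()` indexes `ctx->protocol[]`, and it is compiled out when the build defines `NDEBUG`, in which case the out-of-bounds access described in the commit message would come back. The condition is reachable from an ordinary rule typed on the command line (the `ah nexthdr tcp` example), so even with assertions enabled the tool aborts instead of reporting a rule error. Because `payload_expr_pctx_update()` returns void and its body starts above the hunk, a proper rejection probably has to happen in a caller or in an earlier evaluation step that is not visible here. Until then a comment on the assert would help the next reader, e.g. `/* base + 1 indexes ctx->protocol[]; a user rule can reach this with base already at the last layer */`. Whether `<= PROTO_BASE_MAX` is the right bound depends on the declared size of `ctx->protocol[]`, which this hunk does not show.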