From aa36f86194a51c776810ced5c3a6dcead30243fa Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Sat, 13 Dec 2008 19:45:53 +0100
Subject: sync-mode: check if message type is >= NET_T_STATE_MAX before parsing

This patch adds a message-type checking before we parse the message.
Thus, we skip the parsing of messages with bad types.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/sync-mode.c | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'src/sync-mode.c')

diff --git a/src/sync-mode.c b/src/sync-mode.c
index b2b78ad..6aad8f7 100644
--- a/src/sync-mode.c
+++ b/src/sync-mode.c
@@ -59,6 +59,11 @@ static void do_mcast_handler_step(struct nethdr *net, size_t remain)
 			break;
 	}
 
+	if (net->type > NET_T_STATE_MAX) {
+		STATE(malformed)++;
+		dlog(LOG_ERR, "bad state message type");
+		return;
+	}
 	memset(ct, 0, sizeof(__ct));
 
 	if (parse_payload(ct, net, remain) == -1) {
-- 
cgit v1.2.3