diff options
author | Jozsef Kadlecsik <kadlec@netfilter.org> | 2021-01-19 08:39:50 +0100 |
---|---|---|
committer | Jozsef Kadlecsik <kadlec@netfilter.org> | 2021-01-19 08:39:50 +0100 |
commit | a11d65f39b39e573418b4296b22c3dccfd5a4b5c (patch) | |
tree | 40ec3a6f75da201642a891d1abb2e039d25ae307 /lib | |
parent | 637ce45bf221d276cc4b20eb84444e7196b322d5 (diff) |
Argument parsing buffer overflow in ipset_parse_argv fixed
Argument length checking was simply missing. Fixes netfilter
bugzilla #1492, reported by Marshall Whittaker.
Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/ipset.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/lib/ipset.c b/lib/ipset.c index 8633491..8ae2b6f 100644 --- a/lib/ipset.c +++ b/lib/ipset.c @@ -949,6 +949,11 @@ ipset_parse_argv(struct ipset *ipset, int oargc, char *oargv[]) int argc = oargc; char *argv[MAX_ARGS] = {}; + if (argc > MAX_ARGS) + return ipset->custom_error(ipset, + p, IPSET_PARAMETER_PROBLEM, + "Line is too long to parse."); + /* We need a local copy because of ipset_shift_argv */ memcpy(argv, oargv, sizeof(char *) * argc); |