path: root/extensions/libxt_sctp.c
diff options
authorhuaibin Wang <>2017-11-13 14:27:54 +0100
committerPablo Neira Ayuso <>2017-11-13 14:30:08 +0100
commit71de414c21f7f31270e5d62e782e52257e5c3d06 (patch)
treee5fc243b299675b0a89e9d5e1b578b74aaae133d /extensions/libxt_sctp.c
parent1a32381aa637d6a4a60f793ed671e9c095ef77c2 (diff)
libxt_sctp: fix array out of range in print_chunk
For chunk type ASCONF, ASCONF_ACK and FORWARD_TSN, sctp_chunk_names[].chunk_type is not equal to the corresponding index in sctp_chunk_names[]. Using this field leads to a segmentation fault (index out of range). Example $ iptables -A INPUT -p sctp --chunk-type all ASCONF,ASCONF_ACK,FORWARD_TSN -j ACCEPT $ iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination Segmentation fault Signed-off-by: huaibin Wang <> Signed-off-by: Nicolas Dichtel <> Signed-off-by: Pablo Neira Ayuso <>
Diffstat (limited to 'extensions/libxt_sctp.c')
1 files changed, 1 insertions, 1 deletions
diff --git a/extensions/libxt_sctp.c b/extensions/libxt_sctp.c
index df1936be..140de265 100644
--- a/extensions/libxt_sctp.c
+++ b/extensions/libxt_sctp.c
@@ -370,7 +370,7 @@ print_chunk(uint32_t chunknum, int numeric)
for (i = 0; i < ARRAY_SIZE(sctp_chunk_names); ++i)
if (sctp_chunk_names[i].chunk_type == chunknum)
- printf("%s", sctp_chunk_names[chunknum].name);
+ printf("%s", sctp_chunk_names[i].name);