diff options
author | Phil Sutter <phil@nwl.cc> | 2017-10-09 15:47:39 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-10-17 14:12:47 +0200 |
commit | dbbab0aa328f136502373a1031e64eb53fa113e5 (patch) | |
tree | 557f0aaee2a2d7059f208b29d8b90860f78f08a2 /extensions/libxt_tcpmss.c | |
parent | 0e9582814a201a29be42d096fe36723fa16078da (diff) |
extensions: libxt_tcpmss: Detect invalid ranges
Previously, an MSS range of e.g. 65535:1000 was silently accepted but
would then never match a packet since the kernel checks whether the MSS
value is greater than or equal to the first *and* less than or equal to
the second value.
Detect this as a parameter problem and update the man page accordingly.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'extensions/libxt_tcpmss.c')
-rw-r--r-- | extensions/libxt_tcpmss.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/extensions/libxt_tcpmss.c b/extensions/libxt_tcpmss.c index c7c59717..bcd357aa 100644 --- a/extensions/libxt_tcpmss.c +++ b/extensions/libxt_tcpmss.c @@ -27,8 +27,12 @@ static void tcpmss_parse(struct xt_option_call *cb) xtables_option_parse(cb); mssinfo->mss_min = cb->val.u16_range[0]; mssinfo->mss_max = mssinfo->mss_min; - if (cb->nvals == 2) + if (cb->nvals == 2) { mssinfo->mss_max = cb->val.u16_range[1]; + if (mssinfo->mss_max < mssinfo->mss_min) + xtables_error(PARAMETER_PROBLEM, + "tcpmss: invalid range given"); + } if (cb->invert) mssinfo->invert = 1; } |