[IPTABLES,IP6TABLES]: check invalid esp spi range

author: Yasuyuki KOZAKAI <yasuyuki@netfilter.org> 2006-04-15 03:11:15 +0000
committer: Yasuyuki KOZAKAI <yasuyuki@netfilter.org> 2006-04-15 03:11:15 +0000
commit: 2c627cf60cfb1a4e67aea1b2333f2a11e23fecd8 (patch)
tree: 24e2c7a4b15b71885a0d2288ac9757a06e18f239 /extensions
parent: 85872c845cdc79d10a5485f443cafefb720678c2 (diff)
2 files changed, 6 insertions, 0 deletions
diff --git a/extensions/libip6t_esp.c b/extensions/libip6t_esp.c
index 29e865d4..886e09b3 100644
--- a/extensions/libip6t_esp.c
+++ b/extensions/libip6t_esp.c
@@ -61,6 +61,9 @@ parse_esp_spis(const char *spistring, u_int32_t *spis)
 
 		spis[0] = buffer[0] ? parse_esp_spi(buffer) : 0;
 		spis[1] = cp[0] ? parse_esp_spi(cp) : 0xFFFFFFFF;
+		if (spis[0] > spis[1])
+			exit_error(PARAMETER_PROBLEM,
+				   "Invalid ESP spi range: %s", spistring);
 	}
 	free(buffer);
 }
diff --git a/extensions/libipt_esp.c b/extensions/libipt_esp.c
index 4abfba30..21e912b7 100644
--- a/extensions/libipt_esp.c
+++ b/extensions/libipt_esp.c
@@ -62,6 +62,9 @@ parse_esp_spis(const char *spistring, u_int32_t *spis)
 
 		spis[0] = buffer[0] ? parse_esp_spi(buffer) : 0;
 		spis[1] = cp[0] ? parse_esp_spi(cp) : 0xFFFFFFFF;
+		if (spis[0] > spis[1])
+			exit_error(PARAMETER_PROBLEM,
+				   "Invalid ESP spi range: %s", spistring);
 	}
 	free(buffer);
 }
author	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	2006-04-15 03:11:15 +0000
committer	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	2006-04-15 03:11:15 +0000
commit	2c627cf60cfb1a4e67aea1b2333f2a11e23fecd8 (patch)
tree	24e2c7a4b15b71885a0d2288ac9757a06e18f239 /extensions
parent	85872c845cdc79d10a5485f443cafefb720678c2 (diff)