summaryrefslogtreecommitdiffstats
path: root/iptables/nft-bridge.h
diff options
context:
space:
mode:
authorPhil Sutter <phil@nwl.cc>2018-09-10 23:35:15 +0200
committerFlorian Westphal <fw@strlen.de>2018-09-13 10:47:59 +0200
commitbfd41c8d99a54769678e0c66d55797082bf1edd3 (patch)
tree2b4a5533b97f4d073c9931bc81ae65117226bf32 /iptables/nft-bridge.h
parente6f986762667ee2b2d61e7978d460f28916158a3 (diff)
ebtables: Fix for potential array boundary overstep
Fix the parameter check in nft_ebt_standard_target() to avoid an array out of bounds access in ebt_standard_targets. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'iptables/nft-bridge.h')
-rw-r--r--iptables/nft-bridge.h2
1 files changed, 1 insertions, 1 deletions
diff --git a/iptables/nft-bridge.h b/iptables/nft-bridge.h
index 1fe26bab..9d49ccbe 100644
--- a/iptables/nft-bridge.h
+++ b/iptables/nft-bridge.h
@@ -78,7 +78,7 @@ static const char *ebt_standard_targets[NUM_STANDARD_TARGETS] = {
static inline const char *nft_ebt_standard_target(unsigned int num)
{
- if (num > NUM_STANDARD_TARGETS)
+ if (num >= NUM_STANDARD_TARGETS)
return NULL;
return ebt_standard_targets[num];