diff options
| author | Phil Sutter <phil@nwl.cc> | 2018-09-19 15:17:06 +0200 |
|---|---|---|
| committer | Florian Westphal <fw@strlen.de> | 2018-09-24 11:50:00 +0200 |
| commit | 11e91a4875b443450dc08951efd6a595d3f5df2e (patch) | |
| tree | e7d0caf1ee115b4346c78e876fad179780eafb9b /iptables/nft-ipv4.c | |
| parent | d95c1e8b65c4ec66b8fcd2f7ede257853a888750 (diff) | |
xtables: Don't read garbage in nft_ipv4_parse_payload()
The problem here is that get_frag() does not set 'inv' in any case, so
when later checking its value, garbage may be read. Sanitize this case
by setting 'inv' to false before calling get_frag().
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'iptables/nft-ipv4.c')
| -rw-r--r-- | iptables/nft-ipv4.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/iptables/nft-ipv4.c b/iptables/nft-ipv4.c index 20ed9428..39e61844 100644 --- a/iptables/nft-ipv4.c +++ b/iptables/nft-ipv4.c @@ -234,6 +234,7 @@ static void nft_ipv4_parse_payload(struct nft_xt_ctx *ctx, break; case offsetof(struct iphdr, frag_off): cs->fw.ip.flags |= IPT_F_FRAG; + inv = false; get_frag(ctx, e, &inv); if (inv) cs->fw.ip.invflags |= IPT_INV_FRAG; |