From d15fb34c777c10a67f8db2b6960bc094b3284fc5 Mon Sep 17 00:00:00 2001
From: Harald Welte <laforge@gnumonks.org>
Date: Fri, 26 Jul 2002 16:27:57 +0000
Subject: check for invalid port ranges (Thomas Poehnitz)

---
 extensions/libip6t_tcp.c | 4 ++++
 extensions/libip6t_udp.c | 4 ++++
 extensions/libipt_tcp.c  | 4 ++++
 extensions/libipt_udp.c  | 4 ++++
 4 files changed, 16 insertions(+)

diff --git a/extensions/libip6t_tcp.c b/extensions/libip6t_tcp.c
index 8e54dc44..1bf1d198 100644
--- a/extensions/libip6t_tcp.c
+++ b/extensions/libip6t_tcp.c
@@ -77,6 +77,10 @@ parse_tcp_ports(const char *portstring, u_int16_t *ports)
 
 		ports[0] = buffer[0] ? parse_tcp_port(buffer) : 0;
 		ports[1] = cp[0] ? parse_tcp_port(cp) : 0xFFFF;
+		
+		if (ports[0] > ports[1])
+			exit_error(PARAMETER_PROBLEM, 
+				   "invalid portrange (min > max)");
 	}
 	free(buffer);
 }
diff --git a/extensions/libip6t_udp.c b/extensions/libip6t_udp.c
index fb0505e8..a2e2fe64 100644
--- a/extensions/libip6t_udp.c
+++ b/extensions/libip6t_udp.c
@@ -69,6 +69,10 @@ parse_udp_ports(const char *portstring, u_int16_t *ports)
 
 		ports[0] = buffer[0] ? parse_udp_port(buffer) : 0;
 		ports[1] = cp[0] ? parse_udp_port(cp) : 0xFFFF;
+
+		if (ports[0] > ports[1])
+			exit_error(PARAMETER_PROBLEM,
+				   "invalid portrange (min > max)");
 	}
 	free(buffer);
 }
diff --git a/extensions/libipt_tcp.c b/extensions/libipt_tcp.c
index acf60501..1ff8f12e 100644
--- a/extensions/libipt_tcp.c
+++ b/extensions/libipt_tcp.c
@@ -77,6 +77,10 @@ parse_tcp_ports(const char *portstring, u_int16_t *ports)
 
 		ports[0] = buffer[0] ? parse_tcp_port(buffer) : 0;
 		ports[1] = cp[0] ? parse_tcp_port(cp) : 0xFFFF;
+
+		if (ports[0] > ports[1])
+			exit_error(PARAMETER_PROBLEM,
+				   "invalid portrange (min > max)");
 	}
 	free(buffer);
 }
diff --git a/extensions/libipt_udp.c b/extensions/libipt_udp.c
index 622fb436..ccea2105 100644
--- a/extensions/libipt_udp.c
+++ b/extensions/libipt_udp.c
@@ -69,6 +69,10 @@ parse_udp_ports(const char *portstring, u_int16_t *ports)
 
 		ports[0] = buffer[0] ? parse_udp_port(buffer) : 0;
 		ports[1] = cp[0] ? parse_udp_port(cp) : 0xFFFF;
+
+		if (ports[0] > ports[1])
+			exit_error(PARAMETER_PROBLEM,
+				   "invalid portrange (min > max)");
 	}
 	free(buffer);
 }
-- 
cgit v1.2.3