expr/ct: prevent array index overrun in ctkey2str()

The array has NFT_CT_MAX fields, so indices must be less than that number. Fixes: 977b7a1dbe1bd ("ct: xml: use key names instead of numbers") Cc: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Phil Sutter <phil@nwl.cc> 2016-08-12 01:33:35 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2016-08-12 01:45:40 +0200
commit: cca54d5e9c3f436cd85bc55415c08bf671bfefe6 (patch)
tree: e62aad0cce676d406c0a1b8c3b8f22a52e51df2b
parent: d29f0825c33af8c53a939b7f0e8d5beb2ed48c83 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/expr/ct.c b/src/expr/ct.c
index 7d96df4..1a53b49 100644
--- a/src/expr/ct.c
+++ b/src/expr/ct.c
@@ -173,7 +173,7 @@ static const char *ctkey2str_array[NFT_CT_MAX] = {
 
 static const char *ctkey2str(uint32_t ctkey)
 {
-	if (ctkey > NFT_CT_MAX)
+	if (ctkey >= NFT_CT_MAX)
 		return "unknown";
 
 	return ctkey2str_array[ctkey];
author	Phil Sutter <phil@nwl.cc>	2016-08-12 01:33:35 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2016-08-12 01:45:40 +0200
commit	cca54d5e9c3f436cd85bc55415c08bf671bfefe6 (patch)
tree	e62aad0cce676d406c0a1b8c3b8f22a52e51df2b
parent	d29f0825c33af8c53a939b7f0e8d5beb2ed48c83 (diff)