authorPhil Sutter <phil@nwl.cc>2019-10-04 21:44:14 +0200
committerPhil Sutter <phil@nwl.cc>2019-10-15 19:34:12 +0200
commit00b144bc9d093dbdd1a3690dc8e8fb90b5447f2d (patch)
treeb9f6d50a72a20f17b68ba77d61b4922a7ff3886b /src
parent0d5bb960b2f953c71fff15f88c8f0c331a1fa965 (diff)
obj/ct_timeout: Avoid array overrun in timeout_parse_attr_data()
Array 'tb' has only 'attr_max' elements, the loop overstepped its boundary by one. Copy array_size() macro from include/utils.h in nftables.git to make sure code does the right thing. Fixes: 0adceeab1597a ("src: add ct timeout support") Signed-off-by: Phil Sutter <phil@nwl.cc> Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r--src/obj/ct_timeout.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/obj/ct_timeout.c b/src/obj/ct_timeout.c
index a439432..a09e25a 100644
--- a/src/obj/ct_timeout.c
+++ b/src/obj/ct_timeout.c
@@ -134,7 +134,7 @@ timeout_parse_attr_data(struct nftnl_obj *e,
if (mnl_attr_parse_nested(nest, parse_timeout_attr_policy_cb, &cnt) < 0)
return -1;
- for (i = 1; i <= attr_max; i++) {
+ for (i = 1; i < array_size(tb); i++) {
if (tb[i]) {
nftnl_timeout_policy_attr_set_u32(e, i-1,
ntohl(mnl_attr_get_u32(tb[i])));
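Review bot: With the bound changed to `i < array_size(tb)`, the loop starting at `i = 1` stops at `tb[attr_max - 1]`, so `nftnl_timeout_policy_attr_set_u32()` is only ever called for indices `0` to `attr_max - 2`; if the nested attribute types are 1-based and run up to `attr_max`, as the old `<=` bound suggests, the last timeout value is now silently dropped. The declaration of `tb` and the body of `parse_timeout_attr_policy_cb` are outside this hunk, so this needs confirming there: if the callback stores to `tb[type]` for `type == attr_max`, the out-of-bounds write remains on the parse side even though the read is fixed here. Declaring `tb` with `attr_max + 1` slots (and clearing that many) while keeping `i <= attr_max` would probably address both. Note also that `array_size(tb)` is only correct while `tb` is a true array in this scope rather than a pointer.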