diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2024-01-10 18:20:47 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2024-01-12 12:19:55 +0100 |
| commit | 955bb6d31c90453e43043346c917646ddc4e5c4e (patch) | |
| tree | 0136e5d18d770154c204197fd94ca63687cb198f /src | |
| parent | 6bc6673fc88c8a3e3dd5504b2d24a6d6bc2f8427 (diff) | |
evaluate: do not fetch next expression on runaway number of concatenation components
If this is the last expression, then the runaway flag is set on and
evaluation bails in the next iteration, do not fetch next list element
which refers to the list head.
I found this by code inspection, I could not trigger any crash with this
one.
Fixes: ae1d54d1343f ("evaluate: do not crash on runaway number of concatenation components")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
| -rw-r--r-- | src/evaluate.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/evaluate.c b/src/evaluate.c index 78732c6e..eb55f6c0 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -1653,8 +1653,8 @@ static int expr_evaluate_concat(struct eval_ctx *ctx, struct expr **expr) if (key && expressions) { if (list_is_last(&key->list, expressions)) runaway = true; - - key = list_next_entry(key, list); + else + key = list_next_entry(key, list); } ctx->inner_desc = NULL; |