diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-08-18 18:53:49 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-08-18 19:22:02 +0200 |
| commit | cf2c6ea6cf1dd2753c431374284e148aba55f947 (patch) | |
| tree | fbbffe10d6b5eefcffbda50f391d602899ef5f55 /src | |
| parent | 38a46caa55ffe1ffee662503ac8abb57522baaa3 (diff) | |
| download | conntrack-tools-cf2c6ea6cf1dd2753c431374284e148aba55f947.tar.gz conntrack-tools-cf2c6ea6cf1dd2753c431374284e148aba55f947.zip | |
conntrackd: NTA_MAX is also an invalid attribute
Otherwise this can result in an off-by-one array access.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
| -rw-r--r-- | src/parse.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/parse.c b/src/parse.c index 878e354..3ac4092 100644 --- a/src/parse.c +++ b/src/parse.c @@ -297,7 +297,7 @@ int msg2ct(struct nf_conntrack *ct, struct nethdr *net, size_t remain) return -1; if (attr->nta_len < NTA_LENGTH(0)) return -1; - if (attr->nta_attr > NTA_MAX) + if (attr->nta_attr >= NTA_MAX) return -1; if (h[attr->nta_attr].size && attr->nta_len != h[attr->nta_attr].size) |