diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-08-18 18:51:50 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-08-18 19:21:37 +0200 |
| commit | 38a46caa55ffe1ffee662503ac8abb57522baaa3 (patch) | |
| tree | 86386c128e2a29fc2e704f37d49d3c295a103967 /src | |
| parent | 900d7e80b8d8339622912c88f6faea96af4115d7 (diff) | |
| download | conntrack-tools-38a46caa55ffe1ffee662503ac8abb57522baaa3.tar.gz conntrack-tools-38a46caa55ffe1ffee662503ac8abb57522baaa3.zip | |
conntrackd: fix sanitization of expection attribute in the wire format
The maximum number of attribute is NTA_EXP_MAX for expectation sync messages.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
| -rw-r--r-- | src/parse.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/parse.c b/src/parse.c index f3ec6ac..878e354 100644 --- a/src/parse.c +++ b/src/parse.c @@ -510,7 +510,7 @@ int msg2exp(struct nf_expect *exp, struct nethdr *net, size_t remain) ATTR_NETWORK2HOST(attr); if (attr->nta_len > len) goto err; - if (attr->nta_attr > NTA_MAX) + if (attr->nta_attr >= NTA_EXP_MAX) goto err; if (attr->nta_len < NTA_LENGTH(0)) goto err; |