From d9b22d809995f16b2bc988c8f72d70a5cd3e86d1 Mon Sep 17 00:00:00 2001 |
|
From: Phil Sutter <psutter@redhat.com> |
|
Date: Fri, 15 Mar 2019 17:50:10 +0100 |
|
Subject: [PATCH] libxt_string: Avoid potential array out of bounds access |
|
|
|
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1525980 |
|
Upstream Status: iptables commit 56d7ab42f3782 |
|
|
|
commit 56d7ab42f37829ab8d42f34b77fd630ce08f5a7c |
|
Author: Phil Sutter <phil@nwl.cc> |
|
Date: Mon Sep 10 23:35:16 2018 +0200 |
|
|
|
libxt_string: Avoid potential array out of bounds access |
|
|
|
The pattern index variable 'sindex' is bounds checked before |
|
incrementing it, which means in the next loop iteration it might already |
|
match the bounds check condition but is used anyway. |
|
|
|
Fix this by incrementing the index before performing the bounds check. |
|
|
|
Signed-off-by: Phil Sutter <phil@nwl.cc> |
|
Signed-off-by: Florian Westphal <fw@strlen.de> |
|
|
|
Signed-off-by: Phil Sutter <psutter@redhat.com> |
|
--- |
|
extensions/libxt_string.c | 3 +-- |
|
1 file changed, 1 insertion(+), 2 deletions(-) |
|
|
|
diff --git a/extensions/libxt_string.c b/extensions/libxt_string.c |
|
index fb15980e4a73f..d298c6a7081e7 100644 |
|
--- a/extensions/libxt_string.c |
|
+++ b/extensions/libxt_string.c |
|
@@ -159,9 +159,8 @@ parse_hex_string(const char *s, struct xt_string_info *info) |
|
info->pattern[sindex] = s[i]; |
|
i++; |
|
} |
|
- if (sindex > XT_STRING_MAX_PATTERN_SIZE) |
|
+ if (++sindex > XT_STRING_MAX_PATTERN_SIZE) |
|
xtables_error(PARAMETER_PROBLEM, "STRING too long \"%s\"", s); |
|
- sindex++; |
|
} |
|
info->patlen = sindex; |
|
} |
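Review bot: The bounds check in parse_hex_string() still runs after the store `info->pattern[sindex] = s[i];` and compares with `>` rather than `>=`, so once `++sindex` equals XT_STRING_MAX_PATTERN_SIZE the check does not trigger and the next iteration stores at that index before xtables_error() is reached. If `pattern` is declared with XT_STRING_MAX_PATTERN_SIZE elements (the declaration is not part of this hunk), that store is one past the end of the array. Consider testing `sindex >= XT_STRING_MAX_PATTERN_SIZE` at the top of the loop body, before any store, and keeping the increment at the end of the iteration. A short comment stating whether `info->patlen` is allowed to equal XT_STRING_MAX_PATTERN_SIZE would also make the intended limit explicit.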
|
-- |
|
2.21.0 |
|
|
|
|