| Message ID | 1459513057-30652-6-git-send-email-fw@strlen.de |
|---|---|
| State | Accepted |
| Delegated to: | Pablo Neira |
| Headers | show |
diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c index 1f44bfa..ec1b718 100644 --- a/net/netfilter/x_tables.c +++ b/net/netfilter/x_tables.c @@ -568,6 +568,9 @@ int xt_check_entry_offsets(const void *base, return -EINVAL; t = (void *)(e + target_offset); + if (t->u.target_size < sizeof(*t)) + return -EINVAL; + if (target_offset + t->u.target_size > next_offset) return -EINVAL;
The target size includes the size of the xt_entry_target struct. Signed-off-by: Florian Westphal <fw@strlen.de> --- net/netfilter/x_tables.c | 3 +++ 1 file changed, 3 insertions(+)