Message ID | 20180910213517.12160-4-phil@nwl.cc |
---|---|
State | Accepted |
Delegated to: | Pablo Neira |
Headers | show |
Series | Fix for bugs indicated by covscan | expand |
diff --git a/iptables/nft-bridge.h b/iptables/nft-bridge.h index 1fe26bab4feb5..9d49ccbef0961 100644 --- a/iptables/nft-bridge.h +++ b/iptables/nft-bridge.h @@ -78,7 +78,7 @@ static const char *ebt_standard_targets[NUM_STANDARD_TARGETS] = { static inline const char *nft_ebt_standard_target(unsigned int num) { - if (num > NUM_STANDARD_TARGETS) + if (num >= NUM_STANDARD_TARGETS) return NULL; return ebt_standard_targets[num];
Fix the parameter check in nft_ebt_standard_target() to avoid an array out of bounds access in ebt_standard_targets. Signed-off-by: Phil Sutter <phil@nwl.cc> --- iptables/nft-bridge.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)