[iptables,3/5] ebtables: Fix for potential array boundary overstep

Message ID 20180910213517.12160-4-phil@nwl.cc
State Accepted
Delegated to: Pablo Neira
Series Fix for bugs indicated by covscan

Commit Message

Phil Sutter Sept. 10, 2018, 9:35 p.m. UTC
Fix the parameter check in nft_ebt_standard_target() to avoid an array
out of bounds access in ebt_standard_targets.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 iptables/nft-bridge.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Patch

diff --git a/iptables/nft-bridge.h b/iptables/nft-bridge.h
index 1fe26bab4feb5..9d49ccbef0961 100644
--- a/iptables/nft-bridge.h
+++ b/iptables/nft-bridge.h
@@ -78,7 +78,7 @@  static const char *ebt_standard_targets[NUM_STANDARD_TARGETS] = {
 
 static inline const char *nft_ebt_standard_target(unsigned int num)
 {
-	if (num > NUM_STANDARD_TARGETS)
+	if (num >= NUM_STANDARD_TARGETS)
 		return NULL;
 
 	return ebt_standard_targets[num];
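
Review bot: The NULL return in nft_ebt_standard_target() is still undocumented, and with the bound now at "num >= NUM_STANDARD_TARGETS" it is the only signal a caller gets for an out-of-range value, so a one-line comment above the function saying that NULL means "not a standard target" would help, along with a check that every caller tests the result before using it as a string (the callers are not part of this hunk). The comparison itself matches the declaration ebt_standard_targets[NUM_STANDARD_TARGETS], whose last valid index is NUM_STANDARD_TARGETS - 1; the old ">" let num == NUM_STANDARD_TARGETS read one element past the end. As a style point, bounding against the array's own element count (sizeof(ebt_standard_targets) / sizeof(ebt_standard_targets[0])) would keep the check correct if the declaration and the macro ever diverge. Also note that an array declared with an explicit size can have fewer initializers than elements, in which case an in-range index still yields NULL, which is another reason for callers to handle it.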