[netfilter-cvslog] r6582 - trunk/iptables/extensions
yasuyuki at netfilter.org
yasuyuki at netfilter.org
Sat Apr 15 05:11:18 CEST 2006
Author: yasuyuki at netfilter.org
Date: 2006-04-15 05:11:15 +0200 (Sat, 15 Apr 2006)
New Revision: 6582
Modified:
trunk/iptables/extensions/libip6t_esp.c
trunk/iptables/extensions/libipt_esp.c
Log:
[IPTABLES,IP6TABLES]: check invalid esp spi range
Modified: trunk/iptables/extensions/libip6t_esp.c
===================================================================
--- trunk/iptables/extensions/libip6t_esp.c 2006-04-15 03:09:37 UTC (rev 6581)
+++ trunk/iptables/extensions/libip6t_esp.c 2006-04-15 03:11:15 UTC (rev 6582)
@@ -61,6 +61,9 @@
spis[0] = buffer[0] ? parse_esp_spi(buffer) : 0;
spis[1] = cp[0] ? parse_esp_spi(cp) : 0xFFFFFFFF;
+ if (spis[0] > spis[1])
+ exit_error(PARAMETER_PROBLEM,
+ "Invalid ESP spi range: %s", spistring);
}
free(buffer);
}
Modified: trunk/iptables/extensions/libipt_esp.c
===================================================================
--- trunk/iptables/extensions/libipt_esp.c 2006-04-15 03:09:37 UTC (rev 6581)
+++ trunk/iptables/extensions/libipt_esp.c 2006-04-15 03:11:15 UTC (rev 6582)
@@ -62,6 +62,9 @@
spis[0] = buffer[0] ? parse_esp_spi(buffer) : 0;
spis[1] = cp[0] ? parse_esp_spi(cp) : 0xFFFFFFFF;
+ if (spis[0] > spis[1])
+ exit_error(PARAMETER_PROBLEM,
+ "Invalid ESP spi range: %s", spistring);
}
free(buffer);
}
More information about the netfilter-cvslog
mailing list