summaryrefslogtreecommitdiff
path: root/extensions
diff options
context:
space:
mode:
authorhuaibin Wang <huaibin.wang@6wind.com>2017-11-13 14:27:54 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2017-11-13 14:30:08 +0100
commit71de414c21f7f31270e5d62e782e52257e5c3d06 (patch)
treee5fc243b299675b0a89e9d5e1b578b74aaae133d /extensions
parent1a32381aa637d6a4a60f793ed671e9c095ef77c2 (diff)
downloadiptables-71de414c21f7f31270e5d62e782e52257e5c3d06.tar.gz
libxt_sctp: fix array out of range in print_chunk
For chunk type ASCONF, ASCONF_ACK and FORWARD_TSN, sctp_chunk_names[].chunk_type is not equal to the corresponding index in sctp_chunk_names[]. Using this field leads to a segmentation fault (index out of range). Example $ iptables -A INPUT -p sctp --chunk-type all ASCONF,ASCONF_ACK,FORWARD_TSN -j ACCEPT $ iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination Segmentation fault Signed-off-by: huaibin Wang <huaibin.wang@6wind.com> Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'extensions')
-rw-r--r--extensions/libxt_sctp.c2
-rw-r--r--extensions/libxt_sctp.t9
2 files changed, 4 insertions, 7 deletions
diff --git a/extensions/libxt_sctp.c b/extensions/libxt_sctp.c
index df1936be..140de265 100644
--- a/extensions/libxt_sctp.c
+++ b/extensions/libxt_sctp.c
@@ -370,7 +370,7 @@ print_chunk(uint32_t chunknum, int numeric)
for (i = 0; i < ARRAY_SIZE(sctp_chunk_names); ++i)
if (sctp_chunk_names[i].chunk_type == chunknum)
- printf("%s", sctp_chunk_names[chunknum].name);
+ printf("%s", sctp_chunk_names[i].name);
}
}
diff --git a/extensions/libxt_sctp.t b/extensions/libxt_sctp.t
index 2f75e2a6..4016e4fb 100644
--- a/extensions/libxt_sctp.t
+++ b/extensions/libxt_sctp.t
@@ -23,10 +23,7 @@
-p sctp -m sctp --chunk-types all COOKIE_ACK;=;OK
-p sctp -m sctp --chunk-types all ECN_ECNE;=;OK
-p sctp -m sctp --chunk-types all ECN_CWR;=;OK
-# ERROR: iptables-save segfaults: iptables -A INPUT -p sctp -m sctp --chunk-types all ASCONF
-# -p sctp -m sctp --chunk-types all ASCONF;=;OK
-# ERROR: iptables-save segfaults: iptables -A INPUT -p sctp -m sctp --chunk-types all ASCONF_ACK
-# -p sctp -m sctp --chunk-types all ASCONF_ACK;=;OK
-# ERROR: iptables-save segfaults: iptables -A INPUT -p sctp -m sctp --chunk-types all FORWARD_TSN
-# -p sctp -m sctp --chunk-types all FORWARD_TSN;=;OK
+-p sctp -m sctp --chunk-types all ASCONF;=;OK
+-p sctp -m sctp --chunk-types all ASCONF_ACK;=;OK
+-p sctp -m sctp --chunk-types all FORWARD_TSN;=;OK
-p sctp -m sctp --chunk-types all SHUTDOWN_COMPLETE;=;OK
View Lorry Controller Status