41 lines
1.2 KiB
Diff
41 lines
1.2 KiB
Diff
|
From 34e115c1a9657f07ed8a39b81c6b21fba1faa319 Mon Sep 17 00:00:00 2001
|
||
|
|
From: Phil Sutter <psutter@redhat.com>
|
||
|
|
Date: Tue, 29 Jan 2019 18:12:15 +0100
|
||
|
|
Subject: [PATCH] object: Avoid obj_ops array overrun
|
||
|
|
|
||
|
|
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1661327
|
||
|
|
Upstream Status: libnftnl commit 16c44d9f42170
|
||
|
|
|
||
|
|
commit 16c44d9f42170264c4d484478c76e940951f1b70
|
||
|
|
Author: Phil Sutter <phil@nwl.cc>
|
||
|
|
Date: Thu Dec 20 21:03:27 2018 +0100
|
||
|
|
|
||
|
|
object: Avoid obj_ops array overrun
|
||
|
|
|
||
|
|
In version 1.1.1, obj_ops array was smaller than __NFT_OBJECT_MAX since
|
||
|
|
there are no ops for NFT_OBJECT_CONNLIMIT. Avoid this potential issue in
|
||
|
|
the future by defining the array size.
|
||
|
|
|
||
|
|
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
||
|
|
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||
|
|
---
|
||
|
|
src/object.c | 2 +-
|
||
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||
|
|
|
||
|
|
diff --git a/src/object.c b/src/object.c
|
||
|
|
index d8278f3..7fb9bab 100644
|
||
|
|
--- a/src/object.c
|
||
|
|
+++ b/src/object.c
|
||
|
|
@@ -25,7 +25,7 @@
|
||
|
|
#include <buffer.h>
|
||
|
|
#include "obj.h"
|
||
|
|
|
||
|
|
-static struct obj_ops *obj_ops[] = {
|
||
|
|
+static struct obj_ops *obj_ops[__NFT_OBJECT_MAX] = {
|
||
|
|
[NFT_OBJECT_COUNTER] = &obj_ops_counter,
|
||
|
|
[NFT_OBJECT_QUOTA] = &obj_ops_quota,
|
||
|
|
[NFT_OBJECT_CT_HELPER] = &obj_ops_ct_helper,
|
||
|
|
--
|
||
|
|
1.8.3.1
|
||
|
|
|