ce683e5f9d
We're currently asserting that targetoff + targetsize <= nextoff. Extend it to also check that targetoff is >= sizeof(xt_entry). Since this is generic code, add an argument pointing to the start of the match/target, we can then derive the base structure size from the delta. We also need the e->elems pointer in a followup change to validate matches. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> |
||
|---|---|---|
| .. | ||
| ipset | ||
| nf_conntrack_amanda.h | ||
| nf_conntrack_common.h | ||
| nf_conntrack_dccp.h | ||
| nf_conntrack_ftp.h | ||
| nf_conntrack_h323_asn1.h | ||
| nf_conntrack_h323_types.h | ||
| nf_conntrack_h323.h | ||
| nf_conntrack_irc.h | ||
| nf_conntrack_pptp.h | ||
| nf_conntrack_proto_gre.h | ||
| nf_conntrack_sane.h | ||
| nf_conntrack_sctp.h | ||
| nf_conntrack_sip.h | ||
| nf_conntrack_snmp.h | ||
| nf_conntrack_tcp.h | ||
| nf_conntrack_tftp.h | ||
| nf_conntrack_zones_common.h | ||
| nfnetlink_acct.h | ||
| nfnetlink.h | ||
| x_tables.h | ||
| xt_hashlimit.h | ||
| xt_physdev.h | ||