anonfunc/xtables-addons
1
0
Fork 0
mirror of git://git.code.sf.net/p/xtables-addons/xtables-addons synced 2025-09-06 12:45:13 +02:00
Code Issues Releases Wiki Activity

xt_geoip: fix possible out-of-bounds access

Browse Source 
It is possible for geoip_bsearch() to pick mid == sizeof(subnets).

Consider a set with a single entry and a "address to test"
higher than the range:

1st call: lo = 0, hi = 1 -> mid will be 0
2nd call: lo = 1, hi = 1 -> mid will be 1

On the 2nd call, we'll examine random data.

Reported-by: Florian Westphal <fw@strlen.de>
This commit is contained in:
Jan Engelhardt
2010-06-13 10:40:07 +02:00
parent a2662b0121
commit 4dcefe4b95
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
extensions/xt_geoip.c
View File

@@ -126,13 +126,13 @@ static bool geoip_bsearch(const struct geoip_subnet *range,
{ {
int mid; int mid;
if (hi < lo) if (hi <= lo)
return false; return false;
mid = (lo + hi) / 2; mid = (lo + hi) / 2;
if (range[mid].begin <= addr && addr <= range[mid].end) if (range[mid].begin <= addr && addr <= range[mid].end)
return true; return true;
if (range[mid].begin > addr) if (range[mid].begin > addr)
return geoip_bsearch(range, addr, lo, mid - 1); return geoip_bsearch(range, addr, lo, mid);
else if (range[mid].end < addr) else if (range[mid].end < addr)
return geoip_bsearch(range, addr, mid + 1, hi); return geoip_bsearch(range, addr, mid + 1, hi);