net/netfilter/nf_conntrack_ftp.c

   321  /* We don't update if it's older than what we have. */
   322  static void update_nl_seq(struct nf_conn *ct, u32 nl_seq,
   323                            struct nf_ct_ftp_master *info, int dir,
   324                            struct sk_buff *skb)
   325  {
   326          unsigned int i, oldest = NUM_SEQ_TO_REMEMBER;

Should this be "oldest = NUM_SEQ_TO_REMEMBER - 1;"? The array is defined as:

        u_int32_t seq_aft_nl[IP_CT_DIR_MAX][NUM_SEQ_TO_REMEMBER];

   327
   328          /* Look for oldest: if we find exact match, we're done. */
   329          for (i = 0; i < info->seq_aft_nl_num[dir]; i++) {
   330                  if (info->seq_aft_nl[dir][i] == nl_seq)
   331                          return;
   332
   333                  if (oldest == info->seq_aft_nl_num[dir] ||
   334                      before(info->seq_aft_nl[dir][i],
   335                             info->seq_aft_nl[dir][oldest]))

Line 335 is where I am concerned about a possible out-of-bounds array read. With oldest starting at NUM_SEQ_TO_REMEMBER, the check on line 333 only short-circuits when seq_aft_nl_num[dir] is also NUM_SEQ_TO_REMEMBER; if fewer entries are stored, the first iteration reads seq_aft_nl[dir][NUM_SEQ_TO_REMEMBER], which is one past the last valid index of that row.

regards,
dan carpenter