Same as previous commit. Doing this actually allows to remove code that is no longer needed. Signed-off-by: Jan Engelhardt <jengelh@xxxxxxxxxx> --- ip6tables.c | 2 ++ iptables.c | 2 ++ 2 files changed, 4 insertions(+), 0 deletions(-) diff --git a/ip6tables.c b/ip6tables.c index 4ca4bfe..d4c2339 100644 --- a/ip6tables.c +++ b/ip6tables.c @@ -1706,6 +1706,8 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand default: if (target == NULL || target->parse == NULL || + c < target->option_offset || + c >= target->option_offset + XT_OPTION_OFFSET_SCALE || !target->parse(c - target->option_offset, argv, invert, &target->tflags, diff --git a/iptables.c b/iptables.c index bcacd49..b45211a 100644 --- a/iptables.c +++ b/iptables.c @@ -1738,6 +1738,8 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle default: if (target == NULL || target->parse == NULL || + c < target->option_offset || + c >= target->option_offset + XT_OPTION_OFFSET_SCALE || !target->parse(c - target->option_offset, argv, invert, &target->tflags, -- 1.7.1 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
