Instead of segfaulting due to out of bound access access to protocol context array ctx->protocol[base].location from proto_ctx_update(). # nft add rule filter input ah nexthdr tcp nft: payload.c:88: payload_expr_pctx_update: Assertion `left->payload.base + 1 <= (__PROTO_BASE_MAX - 1)' failed. Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> --- So we avoid a crash. I think we have to add PROTO_BASE_INNER_HDR to proto_bases and add some extra offsets for the inner header for this case. At least, I'd like to put this in the tree so we have this in our radar. src/payload.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/payload.c b/src/payload.c index 83742fb..08578fd 100644 --- a/src/payload.c +++ b/src/payload.c @@ -85,6 +85,7 @@ static void payload_expr_pctx_update(struct proto_ctx *ctx, base = ctx->protocol[left->payload.base].desc; desc = proto_find_upper(base, proto); + assert(left->payload.base + 1 <= PROTO_BASE_MAX); proto_ctx_update(ctx, left->payload.base + 1, &expr->location, desc); } -- 1.7.10.4 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
