The pattern index variable 'sindex' is bounds checked before incrementing it, which means in the next loop iteration it might already match the bounds check condition but is used anyway. Fix this by incrementing the index before performing the bounds check. Signed-off-by: Phil Sutter <phil@xxxxxx> --- extensions/libxt_string.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/extensions/libxt_string.c b/extensions/libxt_string.c index fb15980e4a73f..d298c6a7081e7 100644 --- a/extensions/libxt_string.c +++ b/extensions/libxt_string.c @@ -159,9 +159,8 @@ parse_hex_string(const char *s, struct xt_string_info *info) info->pattern[sindex] = s[i]; i++; } - if (sindex > XT_STRING_MAX_PATTERN_SIZE) + if (++sindex > XT_STRING_MAX_PATTERN_SIZE) xtables_error(PARAMETER_PROBLEM, "STRING too long \"%s\"", s); - sindex++; } info->patlen = sindex; } -- 2.18.0
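Review bot: The bounds check in parse_hex_string() still runs after the store `info->pattern[sindex] = s[i];`, so with `++sindex > XT_STRING_MAX_PATTERN_SIZE` an over-long pattern is only rejected once a byte has already been written at index XT_STRING_MAX_PATTERN_SIZE. After the store at index XT_STRING_MAX_PATTERN_SIZE - 1, sindex becomes XT_STRING_MAX_PATTERN_SIZE, the comparison is false, and the next iteration stores at `info->pattern[XT_STRING_MAX_PATTERN_SIZE]` before xtables_error() is reached. If the pattern array holds exactly XT_STRING_MAX_PATTERN_SIZE bytes (its declaration is not visible in this hunk), that is a one-byte write past the end. Consider testing before any store instead, for example `if (sindex >= XT_STRING_MAX_PATTERN_SIZE)` at the top of the loop body, which still accepts a pattern of exactly the maximum length and leaves `info->patlen = sindex;` correct. It would also help to say in the commit message which index values the old and new checks admit, so the off-by-one is easy to verify.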