Fix the parameter check in nft_ebt_standard_target() to avoid an array
out of bounds access in ebt_standard_targets.
Signed-off-by: Phil Sutter <phil@xxxxxx>
---
iptables/nft-bridge.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/iptables/nft-bridge.h b/iptables/nft-bridge.h
index 1fe26bab4feb5..9d49ccbef0961 100644
--- a/iptables/nft-bridge.h
+++ b/iptables/nft-bridge.h
@@ -78,7 +78,7 @@ static const char *ebt_standard_targets[NUM_STANDARD_TARGETS] = {
static inline const char *nft_ebt_standard_target(unsigned int num)
{
- if (num > NUM_STANDARD_TARGETS)
+ if (num >= NUM_STANDARD_TARGETS)
return NULL;
return ebt_standard_targets[num];
--
2.18.0
