On Mon, Sep 17, 2018 at 01:38:33PM +0200, Phil Sutter wrote:
> Commit 56d7ab42f3782 ("libxt_string: Avoid potential array out of bounds
> access") tried to fix parse_hex_string() for overlong strings but the
> change still allowed for 'sindex' to become XT_STRING_MAX_PATTERN_SIZE
> which leads to access of first byte after info->pattern. This is not
> really a problem because it merely overwrites info->patlen before
> calling xtables_error() later, but covscan still detects it so it's
> still worth fixing.
>
> The crucial bit here is that 'sindex' has to be incremented at end of
> the last iteration since its value is used for info->patlen. Hence just
> move the overflow check to the beginning of the loop.

Applied, thanks.
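
The check placement the quoted commit message describes, as an added example that is not part of the thread and is not the iptables source. It is a simplified model: `MAX_PATTERN` (assumed to be 128), `GUARD`, `copy_late_check`, `copy_early_check` and `trial` are hypothetical names, and a guard byte placed right after the pattern area stands in for `info->patlen`.

```c
#include <stdio.h>
#include <string.h>
/* Constructed model, not the iptables source: MAX_PATTERN stands in for
 * XT_STRING_MAX_PATTERN_SIZE, buf[MAX_PATTERN] for the info->patlen byte. */
#define MAX_PATTERN 128
#define GUARD 0xA5
struct result { int rc, clobbered; }; /* clobbered: guard byte overwritten */
/* Check after the increment: sindex reaches MAX_PATTERN and indexes once more. */
static int copy_late_check(unsigned char *buf, const unsigned char *s, size_t len)
{
    size_t sindex = 0;
    for (size_t i = 0; i < len; i++) {
        buf[sindex] = s[i];
        sindex++;
        if (sindex > MAX_PATTERN)
            return -1;
    }
    return (int)sindex;
}

/* Check at the start of the loop; sindex still ends up equal to the length. */
static int copy_early_check(unsigned char *buf, const unsigned char *s, size_t len)
{
    size_t sindex = 0;
    for (size_t i = 0; i < len; i++) {
        if (sindex >= MAX_PATTERN)
            return -1;
        buf[sindex] = s[i];
        sindex++;
    }
    return (int)sindex;
}

/* Run one variant on len bytes of 'A' (len <= MAX_PATTERN + 1). */
static struct result trial(int early, size_t len)
{
    unsigned char in[MAX_PATTERN + 1], buf[MAX_PATTERN + 1] = {0};
    memset(in, 'A', sizeof(in));
    buf[MAX_PATTERN] = GUARD;
    int rc = early ? copy_early_check(buf, in, len) : copy_late_check(buf, in, len);
    return (struct result){ rc, buf[MAX_PATTERN] != GUARD };
}
int main(void)
{
    struct result late = trial(0, MAX_PATTERN + 1), fixed = trial(1, MAX_PATTERN + 1);
    printf("late check:  rc=%d clobbered=%d\nearly check: rc=%d clobbered=%d\n",
           late.rc, late.clobbered, fixed.rc, fixed.clobbered);
    return 0;
}
```

Both variants reject an input one byte too long, but only the late check has already written past the pattern area by the time it does so; an input of exactly `MAX_PATTERN` bytes is accepted by both with the full length returned.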