package/network/utils/iptables/patches/900-fix-cve-2019-11360.patch


1
2
3
4
5
6
7
8
9
10
11
12
13

--- a/iptables/iptables-restore.c
+++ b/iptables/iptables-restore.c
@@ -129,6 +129,10 @@ static void add_param_to_argv(char *pars
 	 * longer a real hacker, but I can live with that */
 
 	for (curchar = parsestart; *curchar; curchar++) {
+		if (param_len >= sizeof(param_buffer))
+			xtables_error(PARAMETER_PROBLEM,
+			"Parameter too long!");
+
 		if (quote_open) {
 			if (escaped) {
 				param_buffer[param_len++] = *curchar;