git://git.onelab.eu / iptables.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
update to iptables-1.3.8
[iptables.git] / extensions / libip6t_esp.c
diff --git a/extensions/libip6t_esp.c b/extensions/libip6t_esp.c
index 29e865d..886e09b 100644 (file)
--- a/extensions/libip6t_esp.c
+++ b/extensions/libip6t_esp.c
@@ -61,6 +61,9 @@ parse_esp_spis(const char *spistring, u_int32_t *spis)
 
                spis[0] = buffer[0] ? parse_esp_spi(buffer) : 0;
                spis[1] = cp[0] ? parse_esp_spi(cp) : 0xFFFFFFFF;
+               if (spis[0] > spis[1])
+                       exit_error(PARAMETER_PROBLEM,
+                                  "Invalid ESP spi range: %s", spistring);
        }
        free(buffer);
 }
iptables