From: Patrick McHardy <kaber@trash.net>
To: davem@davemloft.net
Cc: netfilter-devel@lists.netfilter.org, Patrick McHardy <kaber@trash.net>
Subject: [NETFILTER 03/14]: nf_conntrack: check address family when finding protocol module
Date: Fri, 3 Feb 2006 14:44:03 +0100 (MET) [thread overview]
Message-ID: <20060203134403.2141.95037.sendpatchset@localhost.localdomain> (raw)
In-Reply-To: <20060203134358.2141.63426.sendpatchset@localhost.localdomain>
[NETFILTER]: nf_conntrack: check address family when finding protocol module
__nf_conntrack_{l3}proto_find() doesn't check the passed protocol family,
then it's possible to touch out of the array which has only AF_MAX items.
Spotted by Pablo Neira Ayuso.
Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
commit edf3735e79f637f92f34d0848bfb6c0ea45a9349
tree bb8c411bf1f695008b7bc22f7d05d58ac5dea997
parent 04e7be099c349b1c9646ad3cc2c409775c846334
author Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Fri, 03 Feb 2006 12:27:36 +0100
committer Patrick McHardy <kaber@trash.net> Fri, 03 Feb 2006 12:27:36 +0100
include/net/netfilter/nf_conntrack_l3proto.h | 15 +++++++++------
net/netfilter/nf_conntrack_core.c | 2 +-
2 files changed, 10 insertions(+), 7 deletions(-)
diff --git a/include/net/netfilter/nf_conntrack_l3proto.h b/include/net/netfilter/nf_conntrack_l3proto.h
index 67856eb..dac43b1 100644
--- a/include/net/netfilter/nf_conntrack_l3proto.h
+++ b/include/net/netfilter/nf_conntrack_l3proto.h
@@ -88,12 +88,6 @@ extern struct nf_conntrack_l3proto *nf_c
extern int nf_conntrack_l3proto_register(struct nf_conntrack_l3proto *proto);
extern void nf_conntrack_l3proto_unregister(struct nf_conntrack_l3proto *proto);
-static inline struct nf_conntrack_l3proto *
-__nf_ct_l3proto_find(u_int16_t l3proto)
-{
- return nf_ct_l3protos[l3proto];
-}
-
extern struct nf_conntrack_l3proto *
nf_ct_l3proto_find_get(u_int16_t l3proto);
@@ -103,4 +97,13 @@ extern void nf_ct_l3proto_put(struct nf_
extern struct nf_conntrack_l3proto nf_conntrack_l3proto_ipv4;
extern struct nf_conntrack_l3proto nf_conntrack_l3proto_ipv6;
extern struct nf_conntrack_l3proto nf_conntrack_generic_l3proto;
+
+static inline struct nf_conntrack_l3proto *
+__nf_ct_l3proto_find(u_int16_t l3proto)
+{
+ if (unlikely(l3proto >= AF_MAX))
+ return &nf_conntrack_generic_l3proto;
+ return nf_ct_l3protos[l3proto];
+}
+
#endif /*_NF_CONNTRACK_L3PROTO_H*/
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 62bb509..0ce337a 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -188,7 +188,7 @@ extern struct nf_conntrack_protocol nf_c
struct nf_conntrack_protocol *
__nf_ct_proto_find(u_int16_t l3proto, u_int8_t protocol)
{
- if (unlikely(nf_ct_protos[l3proto] == NULL))
+ if (unlikely(l3proto >= AF_MAX || nf_ct_protos[l3proto] == NULL))
return &nf_conntrack_generic_protocol;
return nf_ct_protos[l3proto][protocol];
next prev parent reply other threads:[~2006-02-03 13:44 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-02-03 13:43 [00/14]: Netfilter fixes for 2.6.16 Patrick McHardy
2006-02-03 13:43 ` [NETFILTER 01/14]: ctnetlink: Fix subsystem used for expectation events Patrick McHardy
2006-02-03 13:44 ` [NETFILTER 02/14]: ctnetlink: add MODULE_ALIAS for expectation subsystem Patrick McHardy
2006-02-03 13:44 ` Patrick McHardy [this message]
2006-02-03 13:44 ` [NETFILTER 04/14]: ULOG/nfnetlink_log: Use better default value for 'nlbufsiz' Patrick McHardy
2006-02-03 13:44 ` [NETFILTER 05/14]: Fix undersized skb allocation in ipt_ULOG/ebt_ulog/nfnetlink_log Patrick McHardy
2006-02-03 13:44 ` [NETFILTER 06/14]: nfnetlink_queue: fix packet marking over netlink Patrick McHardy
2006-02-03 13:44 ` [NETFILTER 07/14]: Fix missing src port initialization in tftp expectation mask Patrick McHardy
2006-02-03 13:44 ` [NETFILTER 08/14]: iptables: fix typos in ipt_connbytes.h Patrick McHardy
2006-02-03 13:44 ` [NETFILTER 09/14]: nf_conntrack: fix incorrect memset() size in FTP helper Patrick McHardy
2006-02-03 13:44 ` [NETFILTER 10/14]: Fix possible overflow in netfilters do_replace() Patrick McHardy
2006-02-03 13:44 ` [NETFILTER 11/14]: Check policy length in policy match strict mode Patrick McHardy
2006-02-03 13:44 ` [NETFILTER 12/14]: Fix ip6t_policy address matching Patrick McHardy
2006-02-03 13:44 ` [NETFILTER 13/14]: Prepare {ipt, ip6t}_policy match for x_tables unification Patrick McHardy
2006-02-03 13:44 ` [NETFILTER 14/14]: Fix check whether dst_entry needs to be released after NAT Patrick McHardy
2006-02-04 10:21 ` [00/14]: Netfilter fixes for 2.6.16 David S. Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20060203134403.2141.95037.sendpatchset@localhost.localdomain \
--to=kaber@trash.net \
--cc=davem@davemloft.net \
--cc=netfilter-devel@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.