[NETFILTER 01/07]: nf_conntrack_ftp: fix newline sequence number update

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Patrick McHardy <kaber@trash.net>
To: davem@davemloft.net
Cc: netfilter-devel@lists.netfilter.org, Patrick McHardy <kaber@trash.net>
Subject: [NETFILTER 01/07]: nf_conntrack_ftp: fix newline sequence number update
Date: Fri, 25 May 2007 00:02:07 +0200 (MEST)	[thread overview]
Message-ID: <20070524215835.14308.87748.sendpatchset@localhost.localdomain> (raw)
In-Reply-To: <20070524215833.14308.60841.sendpatchset@localhost.localdomain>

[NETFILTER]: nf_conntrack_ftp: fix newline sequence number update

When trying to locate the oldest entry in the history of newline character
sequence numbers, the sequence number of the current entry is incorrectly
compared with the index of the oldest sequence number instead of the number
itself.

Additionally it is not made sure that the current sequence number really
is after the oldest known one.

Based on report by YU, Haitao <yuhaitao@tsinghua.org.cn>

Signed-off-by: Patrick McHardy <kaber@trash.net>

---
commit 5e09b4a295e2aed7cb6fe60f86bafba4d8e77836
tree fb2d6e90d04c155578a5fe3321f9b2297426bdee
parent 0076b2cfaee8fa7109d6c923144b88f0032ffb8b
author Patrick McHardy <kaber@trash.net> Thu, 24 May 2007 23:49:57 +0200
committer Patrick McHardy <kaber@trash.net> Thu, 24 May 2007 23:49:57 +0200

 net/netfilter/nf_conntrack_ftp.c |    8 +++++---
 1 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/net/netfilter/nf_conntrack_ftp.c b/net/netfilter/nf_conntrack_ftp.c
index a186799..3357642 100644
--- a/net/netfilter/nf_conntrack_ftp.c
+++ b/net/netfilter/nf_conntrack_ftp.c
@@ -335,15 +335,17 @@ static void update_nl_seq(u32 nl_seq, struct nf_ct_ftp_master *info, int dir,
 		if (info->seq_aft_nl[dir][i] == nl_seq)
 			return;
 
-		if (oldest == info->seq_aft_nl_num[dir]
-		    || before(info->seq_aft_nl[dir][i], oldest))
+		if (oldest == info->seq_aft_nl_num[dir] ||
+		    before(info->seq_aft_nl[dir][i],
+		    	   info->seq_aft_nl[dir][oldest]))
 			oldest = i;
 	}
 
 	if (info->seq_aft_nl_num[dir] < NUM_SEQ_TO_REMEMBER) {
 		info->seq_aft_nl[dir][info->seq_aft_nl_num[dir]++] = nl_seq;
 		nf_conntrack_event_cache(IPCT_HELPINFO_VOLATILE, skb);
-	} else if (oldest != NUM_SEQ_TO_REMEMBER) {
+	} else if (oldest != NUM_SEQ_TO_REMEMBER &&
+		   after(nl_seq, info->seq_aft_nl[dir][oldest])) {
 		info->seq_aft_nl[dir][oldest] = nl_seq;
 		nf_conntrack_event_cache(IPCT_HELPINFO_VOLATILE, skb);
 	}

next prev parent reply	other threads:[~2007-05-24 22:02 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-05-24 22:02 [NETFILTER 00/07]: Netfilter fixes Patrick McHardy
2007-05-24 22:02 ` Patrick McHardy [this message]
2007-05-24 23:41   ` [NETFILTER 01/07]: nf_conntrack_ftp: fix newline sequence number update David Miller
2007-05-24 22:02 ` [NETFILTER 02/07]: nf_conntrack_ftp: fix newline sequence number calculation Patrick McHardy
2007-05-24 23:41   ` David Miller
2007-05-24 22:02 ` [NETFILTER 03/07]: nf_conntrack_h323: fix ASN.1 types Patrick McHardy
2007-05-24 23:42   ` David Miller
2007-05-24 22:02 ` [NETFILTER 04/07]: nf_conntrack_h323: fix get_h225_addr() for IPv6 address access Patrick McHardy
2007-05-24 23:43   ` David Miller
2007-05-24 22:02 ` [NETFILTER 05/07]: nf_conntrack_h323: remove unnecessary process of Information signal Patrick McHardy
2007-05-24 23:43   ` David Miller
2007-05-24 22:02 ` [NETFILTER 06/07]: nf_conntrack_h323: add missing T.120 address in OLCA Patrick McHardy
2007-05-24 23:44   ` David Miller
2007-05-24 22:02 ` [NETFILTER 07/07]: nf_nat_h323: call set_h225_addr instead of set_h225_addr_hook Patrick McHardy
2007-05-24 23:44   ` David Miller
2007-05-24 23:45 ` [NETFILTER 00/07]: Netfilter fixes David Miller

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:a186799 dfblob:3357642 )
 OR (
bs:"[NETFILTER 01/07]: nf_conntrack_ftp: fix newline sequence number update" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20070524215835.14308.87748.sendpatchset@localhost.localdomain \
    --to=kaber@trash.net \
    --cc=davem@davemloft.net \
    --cc=netfilter-devel@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.