[NETFILTER]: h323 helper: fix excessive stack usage

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Patrick McHardy <kaber@trash.net>
To: Jing Min Zhao <zhaojingmin@hotmail.com>
Cc: Netfilter Development Mailinglist <netfilter-devel@lists.netfilter.org>
Subject: [NETFILTER]: h323 helper: fix excessive stack usage
Date: Sat, 25 Feb 2006 10:03:44 +0100	[thread overview]
Message-ID: <44001D70.3050108@trash.net> (raw)

[-- Attachment #1: Type: text/plain, Size: 78 bytes --]

See Changelog entry. The kernel stack is very small, we can't use that
much.


[-- Attachment #2: 02.diff --]
[-- Type: text/x-patch, Size: 3695 bytes --]

[NETFILTER]: h323 helper: fix excessive stack usage

The decoded messages are too large to be declared on the stack:

sizeof(RasMessage)=256
sizeof(Q931)=3360
sizeof(MultimediaSystemControlMessage)=104

Signed-off-by: Patrick McHardy <kaber@trash.net>

---
commit 7206cd2e0c2c0a0c650c83ab4a10e1f54728d42d
tree da44f016a7046b3e5920a6120b29693046c6390c
parent 812edb2b2ad20ef6f774bdd95e868885e7eb0790
author Patrick McHardy <kaber@trash.net> Thu, 23 Feb 2006 14:10:19 +0100
committer Patrick McHardy <kaber@trash.net> Thu, 23 Feb 2006 14:10:19 +0100

 net/ipv4/netfilter/ip_conntrack_helper_h323.c |   16 +++++++++-------
 1 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/net/ipv4/netfilter/ip_conntrack_helper_h323.c b/net/ipv4/netfilter/ip_conntrack_helper_h323.c
index 7fe387d..8d49e74 100644
--- a/net/ipv4/netfilter/ip_conntrack_helper_h323.c
+++ b/net/ipv4/netfilter/ip_conntrack_helper_h323.c
@@ -417,7 +417,7 @@ static int h245_help(struct sk_buff **ps
 	unsigned char *data;
 	int datalen;
 	int ret;
-	MultimediaSystemControlMessage mscm;
+	static MultimediaSystemControlMessage mscm;
 
 	/* Until there's been traffic both ways, don't look in packets. */
 	if (ctinfo != IP_CT_ESTABLISHED
@@ -434,15 +434,16 @@ static int h245_help(struct sk_buff **ps
 	       NIPQUAD((*pskb)->nh.iph->saddr),
 	       NIPQUAD((*pskb)->nh.iph->daddr), datalen);
 
+	spin_lock_bh(&ip_h245_lock);
 	ret = DecodeMultimediaSystemControlMessage(data, datalen, &mscm);
 	if (ret < 0) {
 		DEBUGP("ip_ct_h245: decoding error: %s\n",
 		       ret ==
 		       H323_ERROR_BOUND ? "out of bound" : "out of range");
+		spin_unlock_bh(&ip_h245_lock);
 		return NF_ACCEPT;
 	}
 
-	spin_lock_bh(&ip_h245_lock);
 	ret = process_h245(pskb, ct, ctinfo, &data, &mscm);
 	spin_unlock_bh(&ip_h245_lock);
 
@@ -874,7 +875,7 @@ static int q931_help(struct sk_buff **ps
 	unsigned char *data;
 	int datalen;
 	int ret;
-	Q931 q931;
+	static Q931 q931;
 
 	/* Until there's been traffic both ways, don't look in packets. */
 	if (ctinfo != IP_CT_ESTABLISHED
@@ -891,16 +892,17 @@ static int q931_help(struct sk_buff **ps
 	       NIPQUAD((*pskb)->nh.iph->saddr),
 	       NIPQUAD((*pskb)->nh.iph->daddr), datalen);
 
+	spin_lock_bh(&ip_q931_lock);
 	ret = DecodeQ931(data, datalen, &q931);
 	if (ret < 0) {
 		if (net_ratelimit())
 			printk("ip_ct_q931: decoding error: %s\n",
 			       ret == H323_ERROR_BOUND ?
 			       "out of bound" : "out of range");
+		spin_unlock_bh(&ip_q931_lock);
 		return NF_ACCEPT;
 	}
 
-	spin_lock_bh(&ip_q931_lock);
 	ret = process_q931(pskb, ct, ctinfo, &data, &q931);
 	spin_unlock_bh(&ip_q931_lock);
 
@@ -1454,7 +1456,6 @@ static int process_ras(struct sk_buff **
 	return 0;
 }
 
-
 /****************************************************************************/
 static int ras_help(struct sk_buff **pskb, struct ip_conntrack *ct,
 		    enum ip_conntrack_info ctinfo)
@@ -1462,7 +1463,7 @@ static int ras_help(struct sk_buff **psk
 	unsigned char *data;
 	int datalen;
 	int ret;
-	RasMessage ras;
+	static RasMessage ras;
 
 	data = get_udp_data(pskb, &datalen);
 	if (data == NULL) {
@@ -1473,16 +1474,17 @@ static int ras_help(struct sk_buff **psk
 	       NIPQUAD((*pskb)->nh.iph->saddr),
 	       NIPQUAD((*pskb)->nh.iph->daddr), datalen);
 
+	spin_lock_bh(&ip_ras_lock);
 	ret = DecodeRasMessage(data, datalen, &ras);
 	if (ret < 0) {
 		if (net_ratelimit())
 			printk("ip_ct_ras: decoding error: %s\n",
 			       ret == H323_ERROR_BOUND ?
 			       "out of bound" : "out of range");
+		spin_unlock_bh(&ip_ras_lock);
 		return NF_ACCEPT;
 	}
 
-	spin_lock_bh(&ip_ras_lock);
 	ret = process_ras(pskb, ct, ctinfo, &data, &ras);
 	spin_unlock_bh(&ip_ras_lock);

                 reply	other threads:[~2006-02-25  9:03 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:7fe387d dfblob:8d49e74 )
 OR (
bs:"[NETFILTER]: h323 helper: fix excessive stack usage" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=44001D70.3050108@trash.net \
    --to=kaber@trash.net \
    --cc=netfilter-devel@lists.netfilter.org \
    --cc=zhaojingmin@hotmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.