[NETFILTER]: H.323 helper: fix endless loop caused by invalid TPKT len

[NETFILTER]: H.323 helper: fix endless loop caused by invalid TPKT len

[Patrick McHardy]

[-- Attachment #1: Type: text/plain, Size: 198 bytes --]

I ran the PROTOS c07-h2250v4 testsuite against the H.323 helper today
and found two bugs. I'm sending you both patches for review, if you
don't object I'll push them upstream in a couple of hours.


[-- Attachment #2: x1 --]
[-- Type: text/plain, Size: 1275 bytes --]

[NETFILTER]: H.323 helper: fix endless loop caused by invalid TPKT len

Then the TPKT len included in the packet is below the lowest valid value
of 4 an underflow occurs which results in an endless loop.

Found by testcase 0000058 from the PROTOS c07-h2250v4 testsuite.

Signed-off-by: Patrick McHardy <kaber@trash.net>

---
commit 5074fd5f2344bc58355868c75c8abcd4145cde84
tree e99ca72642028c42ef67852b4584b6fef1ebe98a
parent c257fd2cb88fe09a510c696e4bbd442a4ee9f6fe
author Patrick McHardy <kaber@trash.net> Fri, 28 Apr 2006 11:35:55 +0200
committer Patrick McHardy <kaber@trash.net> Fri, 28 Apr 2006 11:35:55 +0200

 net/ipv4/netfilter/ip_conntrack_helper_h323.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/net/ipv4/netfilter/ip_conntrack_helper_h323.c b/net/ipv4/netfilter/ip_conntrack_helper_h323.c
index 2c2fb70..518f581 100644
--- a/net/ipv4/netfilter/ip_conntrack_helper_h323.c
+++ b/net/ipv4/netfilter/ip_conntrack_helper_h323.c
@@ -162,6 +162,8 @@ static int get_tpkt_data(struct sk_buff 
 
 	/* Validate TPKT length */
 	tpktlen = tpkt[2] * 256 + tpkt[3];
+	if (tpktlen < 4)
+		goto clear_out;
 	if (tpktlen > tcpdatalen) {
 		if (tcpdatalen == 4) {	/* Separate TPKT header */
 			/* Netmeeting sends TPKT header and data separately */