Date: Fri, 10 Apr 2026 09:36:14 +0800
From: Weiming Shi
To: Florian Westphal
Cc: Pablo Neira Ayuso, "David S . Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Phil Sutter, Simon Horman, Patrick McHardy, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Xiang Mei
Subject: Re: [PATCH nf] netfilter: nf_conntrack_sip: fix OOB read in epaddr_len and ct_sip_parse_header_uri
References: <20260409095056.706441-2-bestswngs@gmail.com>

On 26-04-09 17:22, Florian Westphal wrote:
> Weiming Shi wrote:
> > In epaddr_len() and ct_sip_parse_header_uri(), after sip_parse_addr()
> > successfully parses an IP address, the code checks whether the next
> > character is ':' to determine if a port number follows. However,
> > neither function verifies that the pointer is still within bounds
> > before dereferencing it.
>
> I already queued up:
> https://patchwork.ozlabs.org/project/netfilter-devel/patch/20260313195256.2783257-1-qguanni@gmail.com/
>
> for nf-next (I already sent the 'last' PR for 7.0).
>
> Could you check if that resolves the problem you're reporting?
>
> > p = simple_strtoul(c, (char **)&c, 10);
>
> All of these functions require a c-string, which we usually
> don't have with network packet parsing.
>
> IOW, sip helper needs to be audited for these problems
> but I don't know when I can get to it.

Tested-by: Weiming Shi
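
The two points raised in this thread (check the pointer against the limit before testing for ':', and do not run a C-string number parser over packet data) are shown below as an added userspace sketch; it is not kernel code and not taken from either patch. The names `parse_opt_port`, `port_in_first` and `sample` are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Parse an optional ":port" from the length-delimited range [p, limit).
 * Never reads at or past limit and never relies on a terminating NUL.
 * Returns 1 if a port was parsed, 0 if none is present, -1 if malformed. */
static int parse_opt_port(const char *p, const char *limit,
                          unsigned int *port, const char **end)
{
    unsigned int v = 0;
    const char *c = p;

    *port = 0;
    *end = p;
    if (c >= limit || *c != ':')    /* bounds check precedes the dereference */
        return 0;
    c++;
    if (c >= limit || *c < '0' || *c > '9')
        return -1;                  /* ':' with no digit inside the buffer */
    while (c < limit && *c >= '0' && *c <= '9') {
        v = v * 10 + (unsigned int)(*c - '0');
        if (v > 65535)
            return -1;              /* not a valid port number */
        c++;
    }
    *port = v;
    *end = c;
    return 1;
}

/* Constructed sample: the payload is the first 5 bytes (":5060"); the
 * trailing "99" stands in for unrelated bytes that follow it in memory.
 * There is no NUL terminator anywhere in the array. */
static const char sample[] = { ':', '5', '0', '6', '0', '9', '9' };

/* Parse with only the first len bytes in bounds; -1 means malformed. */
static int port_in_first(size_t len)
{
    unsigned int port;
    const char *end;
    int r = parse_opt_port(sample, sample + len, &port, &end);
    return r < 0 ? -1 : (int)port;
}

int main(void)
{
    printf("len 5 -> %d, len 6 -> %d\n", port_in_first(5), port_in_first(6));
    return 0;
}
```

With the limit at 5 bytes the result is 5060; moving the limit one byte further yields 50609, which is the value a parser that ignores the limit would drift toward as it consumes adjacent digits.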