Message-ID: <61b18149-17e4-439a-97d3-74f0dc20a78f@redhat.com>
Date: Thu, 26 Feb 2026 12:47:40 +0100
X-Mailing-List: netdev@vger.kernel.org
Subject: Re: [PATCH net 1/2] netfilter: nf_conntrack_h323: fix OOB read in decode_choice()
To: Florian Westphal
Cc: "David S. Miller", Eric Dumazet, Jakub Kicinski, netfilter-devel@vger.kernel.org, pablo@netfilter.org, netdev@vger.kernel.org
References: <20260225130619.1248-1-fw@strlen.de> <20260225130619.1248-2-fw@strlen.de>
From: Paolo Abeni

On 2/26/26 10:10 AM, Florian Westphal wrote:
> Florian Westphal wrote:
>> From: Vahagn Vardanian
>>
>> In decode_choice(), the boundary check before get_len() uses the
>> variable `len`, which is still 0 from its initialization at the top of
>> the function:
>>
>
> @net maintainers: would you mind applying this patch directly?
>
> I don't know when Pablo can re-spin his fix, and I don't want
> to hold up the H323 patch.

Makes sense. Note that I'll apply the patch (as opposed to pull it),
meaning it will get a new hash.

Please scream very loudly, very soon if you prefer otherwise!

/P
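The quoted commit message describes a boundary check that runs while `len` is still 0, immediately before a length field is read. The C model below is an added example, not code from the patch or the kernel: `struct cursor`, `out_of_bounds()`, `read_len()`, `parse()` and the one-or-two-byte length encoding are assumptions chosen to show why a zero-size check cannot protect the read that follows it.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model with hypothetical names; this is not the kernel's code. */
struct cursor { const uint8_t *cur, *end; };

/* True when fewer than `need` bytes remain before `end`. */
static int out_of_bounds(const struct cursor *c, size_t need)
{
    return c->cur > c->end || need > (size_t)(c->end - c->cur);
}

/* Assumed encoding: 1 length byte, or 2 when the top bit is set. No checks. */
static unsigned int read_len(struct cursor *c)
{
    unsigned int v = *c->cur++;
    if (v & 0x80)
        v = ((v & 0x3f) << 8) + *c->cur++;
    return v;
}

/* Returns the decoded length, or -1 on a bounds error. */
static long parse(struct cursor *c, int checked)
{
    unsigned int len = 0;
    if (!checked && out_of_bounds(c, len))   /* flawed: len is still 0 */
        return -1;
    if (checked && (out_of_bounds(c, 1) ||   /* size of the length field */
                    ((*c->cur & 0x80) && out_of_bounds(c, 2))))
        return -1;
    len = read_len(c);
    return out_of_bounds(c, len) ? -1 : (long)len;
}

/* Constructed input: the message is the first n bytes, the rest models adjacent memory. */
static const uint8_t backing[4] = { 0x80, 0x02, 0x5a, 0x5a };

/* Bytes consumed past the logical end of an n-byte message. */
static long overread(size_t n, int checked)
{
    struct cursor c = { backing, backing + n };
    parse(&c, checked);
    return c.cur > c.end ? (long)(c.cur - c.end) : 0;
}

int main(void)
{
    printf("past end: flawed=%ld checked=%ld\n", overread(1, 0), overread(1, 1));
    return 0;
}
```

In the flawed order the second check does reject the message, but only after the bytes beyond `end` have already been dereferenced.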