From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: stable@vger.kernel.org, davem@davemloft.net
Subject: [-stable-3.8.y 4/9] netfilter: nf_ct_sip: don't drop packets with offsets pointing outside the packet
Date: Tue, 7 May 2013 01:05:23 +0200 [thread overview]
Message-ID: <1367881528-15524-4-git-send-email-pablo@netfilter.org> (raw)
In-Reply-To: <1367881528-15524-1-git-send-email-pablo@netfilter.org>
From: Patrick McHardy <kaber@trash.net>
Some Cisco phones create huge messages that are spread over multiple packets.
After calculating the offset of the SIP body, it is validated to be within
the packet and the packet is dropped otherwise. This breaks operation of
these phones. Since connection tracking is supposed to be passive, just let
those packets pass unmodified and untracked.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
[ This patch is a backport of 3a7b21e ]
---
net/netfilter/nf_conntrack_sip.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/netfilter/nf_conntrack_sip.c b/net/netfilter/nf_conntrack_sip.c
index df8f4f2..b4e0d1c 100644
--- a/net/netfilter/nf_conntrack_sip.c
+++ b/net/netfilter/nf_conntrack_sip.c
@@ -1547,7 +1547,7 @@ static int sip_help_tcp(struct sk_buff *skb, unsigned int protoff,
msglen = origlen = end - dptr;
if (msglen > datalen)
- return NF_DROP;
+ return NF_ACCEPT;
ret = process_sip_msg(skb, ct, protoff, dataoff,
&dptr, &msglen);
--
1.7.10.4
next prev parent reply other threads:[~2013-05-06 23:06 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-05-06 23:05 [-stable-3.8.y 1/9] ipvs: ip_vs_sip_fill_param() BUG: bad check of return value Pablo Neira Ayuso
2013-05-06 23:05 ` [-stable-3.8.y 2/9] netfilter: nf_nat: fix race when unloading protocol modules Pablo Neira Ayuso
2013-05-06 23:05 ` [-stable-3.8.y 3/9] netfilter: ipset: list:set: fix reference counter update Pablo Neira Ayuso
2013-05-06 23:05 ` Pablo Neira Ayuso [this message]
2013-05-06 23:05 ` [-stable-3.8.y 5/9] netfilter: ipset: "Directory not empty" error message Pablo Neira Ayuso
2013-05-06 23:05 ` [-stable-3.8.y 6/9] netfilter: nf_ct_helper: don't discard helper if it is actually the same Pablo Neira Ayuso
2013-05-06 23:05 ` [-stable-3.8.y 7/9] netfilter: ctnetlink: don't permit ct creation with random tuple Pablo Neira Ayuso
2013-05-06 23:05 ` [-stable-3.8.y 8/9] netfilter: xt_rpfilter: skip locally generated broadcast/multicast, too Pablo Neira Ayuso
2013-05-06 23:05 ` [-stable-3.8.y 9/9] netfilter: ip6t_NPT: Fix translation for non-multiple of 32 prefix lengths Pablo Neira Ayuso
2013-05-08 22:36 ` [-stable-3.8.y 1/9] ipvs: ip_vs_sip_fill_param() BUG: bad check of return value Greg KH
2013-05-08 23:53 ` Pablo Neira Ayuso
2013-05-09 20:38 ` Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1367881528-15524-4-git-send-email-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=netfilter-devel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).