* netfilter 00/02: netfilter fixes
@ 2010-02-02 16:27 Patrick McHardy
2010-02-02 16:27 ` netfilter 01/02: nf_conntrack_sip: fix off-by-one in compact header parsing Patrick McHardy
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Patrick McHardy @ 2010-02-02 16:27 UTC (permalink / raw)
To: davem; +Cc: netdev, Patrick McHardy, netfilter-devel
Hi Dave,
the following two patches fix two bugs in netfilter:
- an off-by-one in SIP conntrack short header parsing, causing mismatches
with UAs not inserting a space after the colon
- a missing initialization in ctnetlink when dumping an expectation mask,
causing an invalid layer 4 protocol number to be used
Please apply or pull from:
git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6.git master
Thanks!
net/netfilter/nf_conntrack_netlink.c | 3 ++-
net/netfilter/nf_conntrack_sip.c | 2 +-
2 files changed, 3 insertions(+), 2 deletions(-)
Patrick McHardy (2):
netfilter: nf_conntrack_sip: fix off-by-one in compact header parsing
netfilter: ctnetlink: fix expectation mask dump
* netfilter 01/02: nf_conntrack_sip: fix off-by-one in compact header parsing
From: Patrick McHardy @ 2010-02-02 16:27 UTC (permalink / raw)
To: davem; +Cc: netdev, Patrick McHardy, netfilter-devel
commit 135d01899b1fba17045961febff7e5141db6048f
Author: Patrick McHardy <kaber@trash.net>
Date: Tue Jan 19 19:06:59 2010 +0100
netfilter: nf_conntrack_sip: fix off-by-one in compact header parsing
In a string like "v:SIP/2.0..." it was checking for !isalpha('S') when it
meant to be inspecting the ':'.
Patch by Greg Alexander <greqcs@galexander.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
diff --git a/net/netfilter/nf_conntrack_sip.c b/net/netfilter/nf_conntrack_sip.c
index 4b57216..023966b 100644
--- a/net/netfilter/nf_conntrack_sip.c
+++ b/net/netfilter/nf_conntrack_sip.c
@@ -376,7 +376,7 @@ int ct_sip_get_header(const struct nf_conn *ct, const char *dptr,
dptr += hdr->len;
else if (hdr->cname && limit - dptr >= hdr->clen + 1 &&
strnicmp(dptr, hdr->cname, hdr->clen) == 0 &&
- !isalpha(*(dptr + hdr->clen + 1)))
+ !isalpha(*(dptr + hdr->clen)))
dptr += hdr->clen;
else
continue;
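Review bot: the guard two lines above the changed line, `limit - dptr >= hdr->clen + 1`, only guarantees that bytes 0 through hdr->clen are readable, so the old index `hdr->clen + 1` could read one byte beyond what was checked; the commit message describes only the header mismatch and should mention this as well. The corrected `!isalpha(*(dptr + hdr->clen))` stays inside the guarded range. A one-line comment on that condition would also help, saying that it rejects a compact name that is merely the prefix of a longer alphabetic token, because the test accepts any non-letter at that position, not only ':' or whitespace.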
* netfilter 02/02: ctnetlink: fix expectation mask dump
From: Patrick McHardy @ 2010-02-02 16:27 UTC (permalink / raw)
To: davem; +Cc: netdev, Patrick McHardy, netfilter-devel
commit e578756c35859a459d78d8416195bc5f5ff897d0
Author: Patrick McHardy <kaber@trash.net>
Date: Tue Jan 26 17:04:02 2010 +0100
netfilter: ctnetlink: fix expectation mask dump
The protocol number is not initialized, so userspace can't interpret
the layer 4 data properly.
Signed-off-by: Patrick McHardy <kaber@trash.net>
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 59d8064..42f21c0 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -1437,8 +1437,9 @@ ctnetlink_exp_dump_mask(struct sk_buff *skb,
struct nlattr *nest_parms;
memset(&m, 0xFF, sizeof(m));
- m.src.u.all = mask->src.u.all;
memcpy(&m.src.u3, &mask->src.u3, sizeof(m.src.u3));
+ m.src.u.all = mask->src.u.all;
+ m.dst.protonum = tuple->dst.protonum;
nest_parms = nla_nest_start(skb, CTA_EXPECT_MASK | NLA_F_NESTED);
if (!nest_parms)
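Review bot: moving `m.src.u.all = mask->src.u.all;` below the memcpy is not explained in the commit message and does not look needed for the fix, since the memcpy writes only `m.src.u3`; either drop the reordering so the diff is just the one added line, or say why the order matters. For the added `m.dst.protonum = tuple->dst.protonum;`, a short comment would help: after `memset(&m, 0xFF, sizeof(m))` the remaining fields of `m.dst` stay all-ones, and protonum is the one field taken from the tuple rather than from the mask, so the code should say that this is what lets userspace interpret the layer 4 data.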
* Re: netfilter 00/02: netfilter fixes
From: David Miller @ 2010-02-02 17:05 UTC (permalink / raw)
To: kaber; +Cc: netdev, netfilter-devel
From: Patrick McHardy <kaber@trash.net>
Date: Tue, 2 Feb 2010 17:27:37 +0100 (MET)
> the following two patches fix two bugs in netfilter:
>
> - an off-by-one in SIP conntrack short header parsing, causing mismatches
> with UAs not inserting a space after the colon
>
> - a missing initialization in ctnetlink when dumping an expectation mask,
> causing an invalid layer 4 protocol number to be used
>
> Please apply or pull from:
>
> git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6.git master
Pulled, thanks Patrick.