* [patch] netfilter: default to NF_DROP in sip_help_tcp()
From: Simon Horman @ 2010-07-10 3:16 UTC (permalink / raw)
To: netfilter-devel, netdev; +Cc: Patrick McHardy
I initially noticed this because of the compiler warning below, but it does
seem to be a valid concern in the case where ct_sip_get_header() returns 0
in the first iteration of the while loop.
net/netfilter/nf_conntrack_sip.c: In function 'sip_help_tcp':
net/netfilter/nf_conntrack_sip.c:1379: warning: 'ret' may be used uninitialized in this function
Signed-off-by: Simon Horman <horms@verge.net.au>
Index: nf-next-2.6/net/netfilter/nf_conntrack_sip.c
===================================================================
--- nf-next-2.6.orig/net/netfilter/nf_conntrack_sip.c 2010-07-10 12:11:52.000000000 +0900
+++ nf-next-2.6/net/netfilter/nf_conntrack_sip.c 2010-07-10 12:11:57.000000000 +0900
@@ -1376,7 +1376,7 @@ static int sip_help_tcp(struct sk_buff *
unsigned int msglen, origlen;
const char *dptr, *end;
s16 diff, tdiff = 0;
- int ret;
+ int ret = NF_DROP;
typeof(nf_nat_sip_seq_adjust_hook) nf_nat_sip_seq_adjust;
if (ctinfo != IP_CT_ESTABLISHED &&
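Review bot: The default verdict chosen on the `+ int ret = NF_DROP;` line is not justified anywhere in the changelog, and it makes the helper fail closed. The commit message says the unassigned path is the one where ct_sip_get_header() returns 0 in the first iteration of the while loop, which means nothing has been parsed as SIP at that point, so this default drops a packet on a TCP stream whose payload the helper has not identified. Please either use NF_ACCEPT as the initial value so that unrecognised payload passes through untouched, or state in the changelog why dropping is the intended policy. Also note that initialising at the declaration silences the "may be used uninitialized" warning for every path, including ones added later, so a short comment on this line stating what the default means would help.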
* Re: [patch] netfilter: default to NF_DROP in sip_help_tcp()
From: Patrick McHardy @ 2010-07-14 12:23 UTC (permalink / raw)
To: Simon Horman; +Cc: netfilter-devel, netdev
On 10.07.2010 05:16, Simon Horman wrote:
> I initially noticed this because of the compiler warning below, but it does
> seem to be a valid concern in the case where ct_sip_get_header() returns 0
> in the first iteration of the while loop.
>
> net/netfilter/nf_conntrack_sip.c: In function 'sip_help_tcp':
> net/netfilter/nf_conntrack_sip.c:1379: warning: 'ret' may be used uninitialized in this function
Thanks Simon. I've applied the patch, but changed NF_DROP to
NF_ACCEPT since we should avoid dropping packets with unknown
contents (not SIP) if possible.
* Re: [patch] netfilter: default to NF_DROP in sip_help_tcp()
From: Simon Horman @ 2010-07-14 12:38 UTC (permalink / raw)
To: Patrick McHardy; +Cc: netfilter-devel, netdev
On Wed, Jul 14, 2010 at 02:23:01PM +0200, Patrick McHardy wrote:
> On 10.07.2010 05:16, Simon Horman wrote:
> > I initially noticed this because of the compiler warning below, but it does
> > seem to be a valid concern in the case where ct_sip_get_header() returns 0
> > in the first iteration of the while loop.
> >
> > net/netfilter/nf_conntrack_sip.c: In function 'sip_help_tcp':
> > net/netfilter/nf_conntrack_sip.c:1379: warning: 'ret' may be used uninitialized in this function
>
> Thanks Simon. I've applied the patch, but changed NF_DROP to
> NF_ACCEPT since we should avoid dropping packets with unknown
> contents (not SIP) if possible.
Thanks, to be honest I was a bit unsure of what policy was best.
* Re: [patch] netfilter: default to NF_DROP in sip_help_tcp()
From: Simon Horman @ 2010-08-04 8:07 UTC (permalink / raw)
To: Patrick McHardy; +Cc: netfilter-devel, netdev
On Wed, Jul 14, 2010 at 02:23:01PM +0200, Patrick McHardy wrote:
> On 10.07.2010 05:16, Simon Horman wrote:
> > I initially noticed this because of the compiler warning below, but it does
> > seem to be a valid concern in the case where ct_sip_get_header() returns 0
> > in the first iteration of the while loop.
> >
> > net/netfilter/nf_conntrack_sip.c: In function 'sip_help_tcp':
> > net/netfilter/nf_conntrack_sip.c:1379: warning: 'ret' may be used uninitialized in this function
>
> Thanks Simon. I've applied the patch, but changed NF_DROP to
> NF_ACCEPT since we should avoid dropping packets with unknown
> contents (not SIP) if possible.
Hi Patrick,
I'm not seeing this patch in nf-next-2.6.
Am I looking in the wrong place?
* Re: [patch] netfilter: default to NF_DROP in sip_help_tcp()
From: Patrick McHardy @ 2010-08-04 16:10 UTC (permalink / raw)
To: Simon Horman; +Cc: netfilter-devel, netdev
On 04.08.2010 10:07, Simon Horman wrote:
> On Wed, Jul 14, 2010 at 02:23:01PM +0200, Patrick McHardy wrote:
>> On 10.07.2010 05:16, Simon Horman wrote:
>>> I initially noticed this because of the compiler warning below, but it does
>>> seem to be a valid concern in the case where ct_sip_get_header() returns 0
>>> in the first iteration of the while loop.
>>>
>>> net/netfilter/nf_conntrack_sip.c: In function 'sip_help_tcp':
>>> net/netfilter/nf_conntrack_sip.c:1379: warning: 'ret' may be used uninitialized in this function
>>
>> Thanks Simon. I've applied the patch, but changed NF_DROP to
>> NF_ACCEPT since we should avoid dropping packets with unknown
>> contents (not SIP) if possible.
>
> Hi Patrick,
>
> I'm not seeing this patch in nf-next-2.6.
> Am I looking in the wrong place?
I was struggling with some file system corruption and didn't manage
to send it out in time, sorry. I'll include it in the next batch of
patches for .36 and will also push it to -stable.
* Re: [patch] netfilter: default to NF_DROP in sip_help_tcp()
From: Simon Horman @ 2010-08-05 0:34 UTC (permalink / raw)
To: Patrick McHardy; +Cc: netfilter-devel, netdev
On Wed, Aug 04, 2010 at 06:10:42PM +0200, Patrick McHardy wrote:
> On 04.08.2010 10:07, Simon Horman wrote:
> > On Wed, Jul 14, 2010 at 02:23:01PM +0200, Patrick McHardy wrote:
> >> On 10.07.2010 05:16, Simon Horman wrote:
> >>> I initially noticed this because of the compiler warning below, but it does
> >>> seem to be a valid concern in the case where ct_sip_get_header() returns 0
> >>> in the first iteration of the while loop.
> >>>
> >>> net/netfilter/nf_conntrack_sip.c: In function 'sip_help_tcp':
> >>> net/netfilter/nf_conntrack_sip.c:1379: warning: 'ret' may be used uninitialized in this function
> >>
> >> Thanks Simon. I've applied the patch, but changed NF_DROP to
> >> NF_ACCEPT since we should avoid dropping packets with unknown
> >> contents (not SIP) if possible.
> >
> > Hi Patrick,
> >
> > I'm not seeing this patch in nf-next-2.6.
> > Am I looking in the wrong place?
>
> I was struggling with some file system corruption and didn't manage
> to send it out in time, sorry. I'll include it in the next batch of
> patches for .36 and will also push it to -stable.
Thanks, I'm happy so long as it makes it eventually.