From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Patrick McHardy <kaber@trash.net>,
Pablo Neira Ayuso <pablo@netfilter.org>,
William Roberts <bill.c.roberts@gmail.com>
Subject: [PATCH 3.4 07/12] netfilter: nf_ct_sip: dont drop packets with offsets pointing outside the packet
Date: Mon, 18 Nov 2013 10:41:40 -0800 [thread overview]
Message-ID: <20131118184132.288810521@linuxfoundation.org> (raw)
In-Reply-To: <20131118184130.257996039@linuxfoundation.org>
3.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Patrick McHardy <kaber@trash.net>
commit 3a7b21eaf4fb3c971bdb47a98f570550ddfe4471 upstream.
Some Cisco phones create huge messages that are spread over multiple packets.
After calculating the offset of the SIP body, it is validated to be within
the packet and the packet is dropped otherwise. This breaks operation of
these phones. Since connection tracking is supposed to be passive, just let
those packets pass unmodified and untracked.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: William Roberts <bill.c.roberts@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netfilter/nf_conntrack_sip.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/netfilter/nf_conntrack_sip.c
+++ b/net/netfilter/nf_conntrack_sip.c
@@ -1468,7 +1468,7 @@ static int sip_help_tcp(struct sk_buff *
msglen = origlen = end - dptr;
if (msglen > datalen)
- return NF_DROP;
+ return NF_ACCEPT;
ret = process_sip_msg(skb, ct, dataoff, &dptr, &msglen);
if (ret != NF_ACCEPT)
next prev parent reply other threads:[~2013-11-18 18:41 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-18 18:41 [PATCH 3.4 00/12] 3.4.70-stable review Greg Kroah-Hartman
2013-11-18 18:41 ` [PATCH 3.4 01/12] cxgb3: Fix length calculation in write_ofld_wr() on 32-bit architectures Greg Kroah-Hartman
2013-11-19 10:50 ` Luis Henriques
2013-11-19 23:09 ` Greg Kroah-Hartman
2013-11-20 4:53 ` Guenter Roeck
2013-11-18 18:41 ` [PATCH 3.4 02/12] xen-netback: use jiffies_64 value to calculate credit timeout Greg Kroah-Hartman
2013-11-18 18:41 ` [PATCH 3.4 03/12] net: flow_dissector: fail on evil iph->ihl Greg Kroah-Hartman
2013-11-18 18:41 ` [PATCH 3.4 04/12] PCI: fix truncation of resource size to 32 bits Greg Kroah-Hartman
2013-11-18 18:41 ` [PATCH 3.4 05/12] USB: add new zte 3g-dongles pid to option.c Greg Kroah-Hartman
2013-11-18 18:41 ` [PATCH 3.4 06/12] ALSA: hda - Move one-time init codes from generic_hdmi_init() Greg Kroah-Hartman
2013-11-18 18:41 ` Greg Kroah-Hartman [this message]
2013-11-18 18:41 ` [PATCH 3.4 08/12] tracing: Fix potential out-of-bounds in trace_get_user() Greg Kroah-Hartman
2013-11-18 18:41 ` [PATCH 3.4 09/12] ARM: 7668/1: fix memset-related crashes caused by recent GCC (4.7.2) optimizations Greg Kroah-Hartman
2013-11-18 18:41 ` [PATCH 3.4 10/12] ARM: 7670/1: fix the memset fix Greg Kroah-Hartman
2013-11-18 18:41 ` [PATCH 3.4 11/12] PCI/PM: Clear state_saved during suspend Greg Kroah-Hartman
2013-11-18 18:41 ` [PATCH 3.4 12/12] usb: fix cleanup after failure in hub_configure() Greg Kroah-Hartman
2013-11-19 3:07 ` [PATCH 3.4 00/12] 3.4.70-stable review Guenter Roeck
2013-11-19 18:51 ` Greg Kroah-Hartman
2013-11-20 11:04 ` Satoru Takeuchi
2013-11-20 16:28 ` Greg Kroah-Hartman
2013-11-20 15:28 ` Shuah Khan
2013-11-20 16:28 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20131118184132.288810521@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=bill.c.roberts@gmail.com \
--cc=kaber@trash.net \
--cc=linux-kernel@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).