GitHub-Mirror/Star64_linux
2
0
Fork 0
mirror of https://github.com/Fishwaldo/Star64_linux.git synced 2025-07-07 15:01:44 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

[NETFILTER]: nf_conntrack_tcp: catch invalid state updates over ctnetlink

Browse source 
Invalid states can cause out-of-bound memory accesses of the state table.
Also don't insist on having a new state contained in the netlink message.

Signed-off-by: Patrick McHardy <kaber@trash.net>
This commit is contained in:
Patrick McHardy 2008-04-14 11:15:52 +02:00
parent dd13b01036
commit 5f7da4d26d
1 changed files with 4 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

6
net/netfilter/nf_conntrack_proto_tcp.c
View file

@ -1129,11 +1129,13 @@ static int nlattr_to_tcp(struct nlattr *cda[], struct nf_conn *ct)
if (err < 0) if (err < 0)
return err; return err;
if (!tb[CTA_PROTOINFO_TCP_STATE]) if (tb[CTA_PROTOINFO_TCP_STATE] &&
nla_get_u8(tb[CTA_PROTOINFO_TCP_STATE]) >= TCP_CONNTRACK_MAX)
return -EINVAL; return -EINVAL;
write_lock_bh(&tcp_lock); write_lock_bh(&tcp_lock);
ct->proto.tcp.state = nla_get_u8(tb[CTA_PROTOINFO_TCP_STATE]); if (tb[CTA_PROTOINFO_TCP_STATE])
ct->proto.tcp.state = nla_get_u8(tb[CTA_PROTOINFO_TCP_STATE]);
if (tb[CTA_PROTOINFO_TCP_FLAGS_ORIGINAL]) { if (tb[CTA_PROTOINFO_TCP_FLAGS_ORIGINAL]) {
struct nf_ct_tcp_flags *attr = struct nf_ct_tcp_flags *attr =