The missing .data_len in the IPv6 Q.931 helper definition leads to writes beyond the end of struct nf_conn_help. Usually this corrupts the following struct nf_conn_nat; however, if NAT is not loaded it corrupts the following slab object.
https://patchwork.ozlabs.org/project/netfilter-devel/patch/[email protected]/
https://bugs.openvz.org/browse/OVZ-7188
Signed-off-by: Vasily Averin <[email protected]>
---
net/netfilter/nf_conntrack_h323_main.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/netfilter/nf_conntrack_h323_main.c b/net/netfilter/nf_conntrack_h323_main.c
index f65d93639d12..29fe1e7eac88 100644
--- a/net/netfilter/nf_conntrack_h323_main.c
+++ b/net/netfilter/nf_conntrack_h323_main.c
@@ -1225,6 +1225,7 @@ static struct nf_conntrack_helper nf_conntrack_helper_q931[] __read_mostly = {
 {
 .name = "Q.931",
 .me = THIS_MODULE,
+ .data_len = sizeof(struct nf_ct_h323_master),
 .tuple.src.l3num = AF_INET6,
 .tuple.src.u.tcp.port = cpu_to_be16(Q931_PORT),
 .tuple.dst.protonum = IPPROTO_TCP,
-- 
2.17.1
_______________________________________________
Devel mailing list
[email protected]
https://lists.openvz.org/mailman/listinfo/devel
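Review bot: The added `.data_len` line repairs this AF_INET6 entry, but nothing in the hunk stops the same omission from recurring silently, because the helper code that stores a `struct nf_ct_h323_master` in the helper extension does not consult the registered `.data_len` and an undersized extension shows up only as slab corruption, as the commit message describes. `nf_conntrack_helper_q931` is an array and its other element (presumably the AF_INET Q.931 entry) lies outside the hunk; a reviewer should confirm it declares the same size, since the two entries most likely share one `help` callback and, as far as I recall, a conntrack re-assigned between helpers of the same kind keeps its already-allocated extension area rather than getting a larger one. A one-line comment on the added field would make the coupling visible to the next person editing the table: `/* sized for the struct nf_ct_h323_master kept in the helper extension; must match the AF_INET entry */`. A cheap load-time assertion in the module init, warning or returning -EINVAL when any entry's `.data_len` differs from `sizeof(struct nf_ct_h323_master)`, would turn a future omission into a refused module load instead of a heap overflow. The `nf_conntrack_helper_q931` definition continues outside the hunk.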
