Thanks Eric for replying > -----Original Messages----- > From: "Eric Dumazet" <[email protected]> > Sent Time: Thursday, January 28, 2016 > To: "Zhouyi Zhou" <[email protected]> > Cc: [email protected], [email protected], [email protected], > [email protected], [email protected], [email protected], > [email protected], [email protected], "Zhouyi Zhou" > <[email protected]> > Subject: Re: [PATCH V2] netfilter: h323: avoid potential attack > > On Thu, 2016-01-28 at 16:59 +0800, Zhouyi Zhou wrote: > > Thanks Eric for your review and advice. > > > > I think hackers chould build a malicious h323 packet to overflow > > the pointer p which will panic during the memcpy(addr, p, len) > > > > For example, he may fabricate a very large taddr->ipAddress.ip; > > > > Signed-off-by: Zhouyi Zhou <[email protected]> > > --- > > Except you did not address my feedback about potentially reading not > initialized memory. > > if the frame length was 1000 bytes, then surely accessing memory at > offset 8000 will either read garbage, or read data from a prior frame > and leak secrets. My patch is intend to prevent kernel panic, to prevent reading garbage or read data from a prior frame and leak secrets, the prototypes of the get_h2x5_addr functions and the functions that call get_h2x5_addr should be changed, should we do this? > > > Cheers Zhouyi
-- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
