Gitweb:
http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=adcb4711101dfef89d473f64a913089d303962ae
Commit: adcb4711101dfef89d473f64a913089d303962ae
Parent: 7da5bfbb12e327b3a347ee3e076957cd6564eb56
Author: Patrick McHardy <[EMAIL PROTECTED]>
AuthorDate: Tue Jan 30 14:25:24 2007 -0800
Committer: David S. Miller <[EMAIL PROTECTED]>
CommitDate: Tue Jan 30 14:25:24 2007 -0800
[NETFILTER]: SIP conntrack: fix out of bounds memory access
When checking for an @-sign in skp_epaddr_len, make sure not to
run over the packet boundaries.
Signed-off-by: Patrick McHardy <[EMAIL PROTECTED]>
Signed-off-by: David S. Miller <[EMAIL PROTECTED]>
---
net/ipv4/netfilter/ip_conntrack_sip.c | 2 +-
net/netfilter/nf_conntrack_sip.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/ipv4/netfilter/ip_conntrack_sip.c
b/net/ipv4/netfilter/ip_conntrack_sip.c
index 571d27e..11c588a 100644
--- a/net/ipv4/netfilter/ip_conntrack_sip.c
+++ b/net/ipv4/netfilter/ip_conntrack_sip.c
@@ -292,7 +292,7 @@ static int skp_epaddr_len(const char *dptr, const char
*limit, int *shift)
dptr++;
}
- if (*dptr == '@') {
+ if (dptr <= limit && *dptr == '@') {
dptr++;
(*shift)++;
} else
diff --git a/net/netfilter/nf_conntrack_sip.c b/net/netfilter/nf_conntrack_sip.c
index c93fb37..9dec115 100644
--- a/net/netfilter/nf_conntrack_sip.c
+++ b/net/netfilter/nf_conntrack_sip.c
@@ -312,7 +312,7 @@ static int skp_epaddr_len(struct nf_conn *ct, const char
*dptr,
dptr++;
}
- if (*dptr == '@') {
+ if (dptr <= limit && *dptr == '@') {
dptr++;
(*shift)++;
} else
-
To unsubscribe from this list: send the line "unsubscribe git-commits-head" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
