Gitweb: http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=adcb4711101dfef89d473f64a913089d303962ae Commit: adcb4711101dfef89d473f64a913089d303962ae Parent: 7da5bfbb12e327b3a347ee3e076957cd6564eb56 Author: Patrick McHardy <[EMAIL PROTECTED]> AuthorDate: Tue Jan 30 14:25:24 2007 -0800 Committer: David S. Miller <[EMAIL PROTECTED]> CommitDate: Tue Jan 30 14:25:24 2007 -0800
[NETFILTER]: SIP conntrack: fix out of bounds memory access When checking for an @-sign in skp_epaddr_len, make sure not to run over the packet boundaries. Signed-off-by: Patrick McHardy <[EMAIL PROTECTED]> Signed-off-by: David S. Miller <[EMAIL PROTECTED]> --- net/ipv4/netfilter/ip_conntrack_sip.c | 2 +- net/netfilter/nf_conntrack_sip.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/net/ipv4/netfilter/ip_conntrack_sip.c b/net/ipv4/netfilter/ip_conntrack_sip.c index 571d27e..11c588a 100644 --- a/net/ipv4/netfilter/ip_conntrack_sip.c +++ b/net/ipv4/netfilter/ip_conntrack_sip.c @@ -292,7 +292,7 @@ static int skp_epaddr_len(const char *dptr, const char *limit, int *shift) dptr++; } - if (*dptr == '@') { + if (dptr <= limit && *dptr == '@') { dptr++; (*shift)++; } else diff --git a/net/netfilter/nf_conntrack_sip.c b/net/netfilter/nf_conntrack_sip.c index c93fb37..9dec115 100644 --- a/net/netfilter/nf_conntrack_sip.c +++ b/net/netfilter/nf_conntrack_sip.c @@ -312,7 +312,7 @@ static int skp_epaddr_len(struct nf_conn *ct, const char *dptr, dptr++; } - if (*dptr == '@') { + if (dptr <= limit && *dptr == '@') { dptr++; (*shift)++; } else - To unsubscribe from this list: send the line "unsubscribe git-commits-head" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html