RE: [PATCH nf 1/1] netfilter: seqadj: Fix possible non-linear data access for TCP header

2017-04-13 Thread Gao Feng
> -Original Message-
> From: Pablo Neira Ayuso [mailto:pa...@netfilter.org]
> Sent: Friday, April 14, 2017 5:45 AM
> To: gfree.w...@foxmail.com
> Cc: netfilter-devel@vger.kernel.org; Gao Feng <f...@ikuai8.com>
> Subject: Re: [PATCH nf 1/1] netfilter: seqadj: Fix

Re: [PATCH nf 1/1] netfilter: seqadj: Fix possible non-linear data access for TCP header

2017-04-13 Thread Pablo Neira Ayuso
On Thu, Apr 13, 2017 at 11:42:49PM +0200, Pablo Neira Ayuso wrote:
> On Thu, Apr 13, 2017 at 11:37:05PM +0200, Pablo Neira Ayuso wrote:
> > On Mon, Apr 10, 2017 at 06:36:03PM +0800, gfree.w...@foxmail.com wrote:
> > > From: Gao Feng
> > >
> > > The current call path of

Re: [PATCH nf 1/1] netfilter: seqadj: Fix possible non-linear data access for TCP header

2017-04-13 Thread Pablo Neira Ayuso
On Thu, Apr 13, 2017 at 11:37:05PM +0200, Pablo Neira Ayuso wrote:
> On Mon, Apr 10, 2017 at 06:36:03PM +0800, gfree.w...@foxmail.com wrote:
> > From: Gao Feng
> >
> > The current call path of nf_ct_tcp_seqadj_set is the following.
> >
> >

Re: [PATCH nf 1/1] netfilter: seqadj: Fix possible non-linear data access for TCP header

2017-04-13 Thread Pablo Neira Ayuso
On Mon, Apr 10, 2017 at 06:36:03PM +0800, gfree.w...@foxmail.com wrote:
> From: Gao Feng
>
> The current call path of nf_ct_tcp_seqadj_set is the following.
>
> nfqnl_recv_verdict->ctnetlink_glue_hook->ctnetlink_glue_seqadj
> ->nf_ct_tcp_seqadj_set.
>
> It couldn't make sure

RE: [PATCH nf 1/1] netfilter: seqadj: Fix possible non-linear data access for TCP header

2017-04-10 Thread 高峰
el@vger.kernel.org>
> Subject: RE: [PATCH nf 1/1] netfilter: seqadj: Fix possible non-linear data access
> for TCP header
>
> Hi Pablo,
>
> > -Original Message-
> > From: Pablo Neira Ayuso [mailto:pa...@netfilter.org]
> > Sent: Monday, April 10

RE: [PATCH nf 1/1] netfilter: seqadj: Fix possible non-linear data access for TCP header

2017-04-10 Thread Gao Feng
Hi Pablo,

> -Original Message-
> From: Pablo Neira Ayuso [mailto:pa...@netfilter.org]
> Sent: Monday, April 10, 2017 8:07 PM
> To: gfree.w...@foxmail.com
> Cc: netfilter-devel@vger.kernel.org; Gao Feng <f...@ikuai8.com>
> Subject: Re: [PATCH nf 1/1] netfilter:

RE: [PATCH nf 1/1] netfilter: seqadj: Fix possible non-linear data access for TCP header

2017-04-10 Thread 高峰
Hi Pablo,

> -Original Message-
> From: Pablo Neira Ayuso [mailto:pa...@netfilter.org]
> Sent: Monday, April 10, 2017 8:07 PM
> To: gfree.w...@foxmail.com
> Cc: netfilter-devel@vger.kernel.org; Gao Feng <f...@ikuai8.com>
> Subject: Re: [PATCH nf 1/1] netfilter:

Re: [PATCH nf 1/1] netfilter: seqadj: Fix possible non-linear data access for TCP header

2017-04-10 Thread Pablo Neira Ayuso
On Mon, Apr 10, 2017 at 06:36:03PM +0800, gfree.w...@foxmail.com wrote:
> From: Gao Feng
>
> The current call path of nf_ct_tcp_seqadj_set is the following.
>
> nfqnl_recv_verdict->ctnetlink_glue_hook->ctnetlink_glue_seqadj
> ->nf_ct_tcp_seqadj_set.
>
> It couldn't make sure

[PATCH nf 1/1] netfilter: seqadj: Fix possible non-linear data access for TCP header

2017-04-10 Thread gfree . wind
From: Gao Feng

The current call path of nf_ct_tcp_seqadj_set is the following.

nfqnl_recv_verdict->ctnetlink_glue_hook->ctnetlink_glue_seqadj
->nf_ct_tcp_seqadj_set.

It couldn't make sure the TCP header is in the linear data part. So use the skb_header_pointer instead of the