
Commit 62fbe9c8 authored by Patrick McHardy Committed by David S. Miller

[NETFILTER]: PPTP conntrack: fix PPTP_IN_CALL message types



Fix incorrectly used message types and call IDs:

- PPTP_IN_CALL_REQUEST (PAC->PNS) contains a PptpInCallRequest (icreq)
  message and the PAC call ID

- PPTP_IN_CALL_REPLY (PNS->PAC) contains a PptpInCallReply (icack)
  message and the PNS call ID

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
parent 750a5842
+7 −5
@@ -355,10 +355,10 @@ pptp_inbound_pkt(struct sk_buff **pskb,
		if (info->sstate != PPTP_SESSION_CONFIRMED)
			goto invalid;

		pcid = pptpReq->icack.peersCallID;
		DEBUGP("%s, PCID=%X\n", pptp_msg_name[msg], ntohs(pcid));
		cid = pptpReq->icreq.callID;
		DEBUGP("%s, CID=%X\n", pptp_msg_name[msg], ntohs(cid));
		info->cstate = PPTP_CALL_IN_REQ;
		info->pac_call_id = pcid;
		info->pac_call_id = cid;
		break;

	case PPTP_IN_CALL_CONNECT:
@@ -458,15 +458,17 @@ pptp_outbound_pkt(struct sk_buff **pskb,
		    info->cstate != PPTP_CALL_IN_REP)
			goto invalid;

		cid = pptpReq->icack.callID;
		pcid = pptpReq->icack.peersCallID;
		if (info->pac_call_id != pcid)
			goto invalid;
		DEBUGP("%s, CID=%X\n", pptp_msg_name[msg], ntohs(pcid));
		DEBUGP("%s, CID=%X PCID=%X\n", pptp_msg_name[msg],
		       ntohs(cid), ntohs(pcid));

		if (pptpReq->icack.resultCode == PPTP_INCALL_ACCEPT) {
			/* part two of the three-way handshake */
			info->cstate = PPTP_CALL_IN_REP;
			info->pns_call_id = pcid;
			info->pns_call_id = cid;
		} else
			info->cstate = PPTP_CALL_NONE;
		break;
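Review bot: Both hunks now store a call ID read straight from the packet into tracked state (`info->pac_call_id = cid` from `icreq.callID` in the first, `info->pns_call_id = cid` from `icack.callID` in the second), and neither hunk shows a check that the control message is long enough to contain the union member being read. That validation may live in the parts of pptp_inbound_pkt / pptp_outbound_pkt outside these hunks or in their caller; if it does not, a truncated message would put unvalidated bytes into the connection's call-ID state, so a per-message minimum-length check ahead of these switch arms is worth confirming. Because the original bug was a silent mix-up of union members, I would also add a one-line comment at each read, e.g. `/* PAC->PNS PptpInCallRequest: callID is the PAC's call ID */` and `/* PNS->PAC PptpInCallReply: callID is the PNS's, peersCallID echoes the PAC's */`.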
+1 −1
@@ -172,7 +172,7 @@ pptp_outbound_pkt(struct sk_buff **pskb,
		ct_pptp_info->pns_call_id = new_callid;
		break;
	case PPTP_IN_CALL_REPLY:
		cid_off = offsetof(union pptp_ctrl_union, icreq.callID);
		cid_off = offsetof(union pptp_ctrl_union, icack.callID);
		break;
	case PPTP_CALL_CLEAR_REQUEST:
		cid_off = offsetof(union pptp_ctrl_union, clrreq.callID);
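Review bot: The `PPTP_IN_CALL_REPLY` arm gives no hint of which message struct the case label maps to, which is presumably how `icreq.callID` ended up here; a short comment above the `offsetof`, such as `/* PNS->PAC PptpInCallReply (icack): callID is the PNS call ID */`, would make a mismatch visible in review. The code that consumes `cid_off` is outside the hunk, so it cannot be seen here whether the offset is checked against the actual message length before it is used; that is worth confirming alongside this fix. The switch continues past the last line shown.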