Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 274ea0e2 authored by Patrick McHardy's avatar Patrick McHardy
Browse files

netfilter: nf_ct_sip: validate Content-Length in TCP SIP messages 



Verify that the message length of a single SIP message, which is calculated
based on the Content-Length field contained in the SIP message, does not
exceed the packet boundaries.

Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
parent 74973f6f

net/netfilter/nf_conntrack_sip.c

+2 −0
Original line number Diff line number Diff line
@@ -1461,6 +1461,8 @@ static int sip_help_tcp(struct sk_buff *skb, unsigned int protoff, 
		end += strlen("\r\n\r\n") + clen;



		msglen = origlen = end - dptr;

		if (msglen > datalen)

			return NF_DROP;



		ret = process_sip_msg(skb, ct, dataoff, &dptr, &msglen);

		if (ret != NF_ACCEPT)