Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit adcb4711 authored Jan 30, 2007 by Patrick McHardy Committed by David S. Miller Jan 30, 2007

[NETFILTER]: SIP conntrack: fix out of bounds memory access



When checking for an @-sign in skp_epaddr_len, make sure not to
run over the packet boundaries.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

parent 7da5bfbb

net/ipv4/netfilter/ip_conntrack_sip.c

+1 −1

Original line number	Original line	Diff line number	Diff line
	@@ -292,7 +292,7 @@ static int skp_epaddr_len(const char dptr, const char limit, int *shift)
	dptr++;		dptr++;
	}		}

	if (*dptr == '@') {		if (dptr <= limit && *dptr == '@') {
	dptr++;		dptr++;
	(*shift)++;		(*shift)++;
	} else		} else

net/netfilter/nf_conntrack_sip.c

+1 −1

Original line number	Original line	Diff line number	Diff line
	@@ -312,7 +312,7 @@ static int skp_epaddr_len(struct nf_conn ct, const char dptr,
	dptr++;		dptr++;
	}		}

	if (*dptr == '@') {		if (dptr <= limit && *dptr == '@') {
	dptr++;		dptr++;
	(*shift)++;		(*shift)++;
	} else		} else