Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d3dcd4ef authored by Patrick McHardy's avatar Patrick McHardy Committed by David S. Miller
Browse files

[NETFILTER]: xt_sctp: fix endless loop caused by 0 chunk length 



Fix endless loop in the SCTP match similar to those already fixed in
the SCTP conntrack helper (was CVE-2006-1527).

Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 25f42b6a

net/netfilter/xt_sctp.c

+1 −1
Original line number Diff line number Diff line
@@ -62,7 +62,7 @@ match_packet(const struct sk_buff *skb, 


	do {

		sch = skb_header_pointer(skb, offset, sizeof(_sch), &_sch);

		if (sch == NULL) {

		if (sch == NULL || sch->length == 0) {

			duprintf("Dropping invalid SCTP packet.\n");

			*hotdrop = 1;

			return 0;