Commit adcb4711 authored by Patrick McHardy, committed by David S. Miller

[NETFILTER]: SIP conntrack: fix out of bounds memory access

When checking for an @-sign in skp_epaddr_len, make sure not to
run over the packet boundaries.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
parent 7da5bfbb
...@@ -292,7 +292,7 @@ static int skp_epaddr_len(const char *dptr, const char *limit, int *shift) ...@@ -292,7 +292,7 @@ static int skp_epaddr_len(const char *dptr, const char *limit, int *shift)
dptr++; dptr++;
} }
if (*dptr == '@') { if (dptr <= limit && *dptr == '@') {
dptr++; dptr++;
(*shift)++; (*shift)++;
} else } else
......
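Review bot: The new guard `dptr <= limit` on the '@' test is an inclusive comparison, so `*dptr` is still read when `dptr == limit`. That is only in bounds if `limit` addresses the last valid byte of the payload; if callers pass a one-past-the-end pointer, the test needs to be `dptr < limit`. Please state in a comment on `skp_epaddr_len` which convention `limit` follows, so the choice of operator can be checked against the callers.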
...@@ -312,7 +312,7 @@ static int skp_epaddr_len(struct nf_conn *ct, const char *dptr, ...@@ -312,7 +312,7 @@ static int skp_epaddr_len(struct nf_conn *ct, const char *dptr,
dptr++; dptr++;
} }
if (*dptr == '@') { if (dptr <= limit && *dptr == '@') {
dptr++; dptr++;
(*shift)++; (*shift)++;
} else } else
......
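Review bot: When `dptr <= limit` fails on the '@' test, control now drops into the `else` branch, the same path taken when the byte is simply not '@'. A truncated packet and an address without a user part are therefore handled identically; please confirm that the `else` path does not itself read through `dptr` without a bounds check, or return early when `dptr` is past `limit`. This copy of `skp_epaddr_len` takes a `struct nf_conn *ct` argument and carries the same one-line fix as the other copy, so the two have to be kept in sync by hand; a shared helper for the '@' scan would avoid one of them missing a later fix.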