lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

[NETFILTER]: xt_sctp: fix endless loop caused by 0 chunk length

Browse Source 
Fix endless loop in the SCTP match similar to those already fixed in
the SCTP conntrack helper (was CVE-2006-1527).

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Patrick McHardy
2006-06-19 23:39:45 -07:00
committed by David S. Miller
parent 25f42b6af0
commit d3dcd4efe2
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
net/netfilter/xt_sctp.c
View File

@@ -62,7 +62,7 @@ match_packet(const struct sk_buff *skb,
do { do {
sch = skb_header_pointer(skb, offset, sizeof(_sch), &_sch); sch = skb_header_pointer(skb, offset, sizeof(_sch), &_sch);
if (sch == NULL) { if (sch == NULL || sch->length == 0) {
duprintf("Dropping invalid SCTP packet.\n"); duprintf("Dropping invalid SCTP packet.\n");
*hotdrop = 1; *hotdrop = 1;
return 0; return 0;