Skip to content

Commit

Permalink
[NETFILTER]: H.323 helper: fix endless loop caused by invalid TPKT len
Browse files Browse the repository at this point in the history 
When the TPKT len included in the packet is below the lowest valid value
of 4 an underflow occurs which results in an endless loop.

Found by testcase 0000058 from the PROTOS c07-h2250v4 testsuite.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
  • Loading branch information
Patrick McHardy authored and David S. Miller committed May 4, 2006
1 parent e17df68 commit 6fd7370
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions net/ipv4/netfilter/ip_conntrack_helper_h323.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -162,6 +162,8 @@ static int get_tpkt_data(struct sk_buff **pskb, struct ip_conntrack *ct,

/* Validate TPKT length */
tpktlen = tpkt[2] * 256 + tpkt[3];
if (tpktlen < 4)
goto clear_out;
if (tpktlen > tcpdatalen) {
if (tcpdatalen == 4) { /* Separate TPKT header */
/* Netmeeting sends TPKT header and data separately */
Expand Down

0 comments on commit 6fd7370

Please sign in to comment.