From 9e1e1da9b3fd87cea1a781adcfd9b5ea48c9c682 Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Sun, 7 Sep 2008 18:21:24 -0700 Subject: [PATCH] --- yaml --- r: 109674 b: refs/heads/master c: e3b802ba885b54f4050164c3cfd9e0ba9c73173a h: refs/heads/master v: v3 --- [refs] | 2 +- trunk/net/netfilter/nf_conntrack_irc.c | 10 ++++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/[refs] b/[refs] index 5c455ef2344b..ba7ef8102277 100644 --- a/[refs] +++ b/[refs] @@ -1,2 +1,2 @@ --- -refs/heads/master: 51807e91a76a531d059ec7ce3395c435e4df52a8 +refs/heads/master: e3b802ba885b54f4050164c3cfd9e0ba9c73173a diff --git a/trunk/net/netfilter/nf_conntrack_irc.c b/trunk/net/netfilter/nf_conntrack_irc.c index 1b1226d6653f..20633fdf7e6b 100644 --- a/trunk/net/netfilter/nf_conntrack_irc.c +++ b/trunk/net/netfilter/nf_conntrack_irc.c @@ -68,11 +68,21 @@ static const char *const dccprotos[] = { static int parse_dcc(char *data, const char *data_end, u_int32_t *ip, u_int16_t *port, char **ad_beg_p, char **ad_end_p) { + char *tmp; + /* at least 12: "AAAAAAAA P\1\n" */ while (*data++ != ' ') if (data > data_end - 12) return -1; + /* Make sure we have a newline character within the packet boundaries + * because simple_strtoul parses until the first invalid character. */ + for (tmp = data; tmp <= data_end; tmp++) + if (*tmp == '\n') + break; + if (tmp > data_end || *tmp != '\n') + return -1; + *ad_beg_p = data; *ip = simple_strtoul(data, &data, 10);