[NETFILTER]: xt_sctp: fix endless loop caused by 0 chunk length
Fix endless loop in the SCTP match similar to those already fixed in
the SCTP conntrack helper (was CVE-2006-1527).

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Patrick McHardy authored and David S. Miller committed Jun 20, 2006
1 parent 25f42b6 commit d3dcd4e
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion net/netfilter/xt_sctp.c
Expand Up @@ -62,7 +62,7 @@ match_packet(const struct sk_buff *skb,

do {
sch = skb_header_pointer(skb, offset, sizeof(_sch), &_sch);
if (sch == NULL) {
if (sch == NULL || sch->length == 0) {
duprintf("Dropping invalid SCTP packet.\n");
*hotdrop = 1;
return 0;
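
Review bot: The added test `sch->length == 0` in match_packet() rejects only a zero length, but a length that is non-zero yet smaller than the chunk header fetched just above with `sizeof(_sch)` is not a well-formed chunk either and still passes. Consider rejecting anything shorter than the header, for example `ntohs(sch->length) < sizeof(_sch)`, which also covers the zero case; the byte-order conversion becomes necessary once the comparison is against a non-zero value. The statement that advances offset is outside this hunk, so it is worth confirming there that every length accepted here moves offset forward. The duprintf message is also shared by the NULL and zero-length paths, so a debug log cannot distinguish a truncated packet from a malformed chunk.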