Skip to content

Commit

Permalink
[NETFILTER]: SIP conntrack: fix out of bounds memory access
Browse files Browse the repository at this point in the history 
When checking for an @-sign in skp_epaddr_len, make sure not to
run over the packet boundaries.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
  • Loading branch information
Patrick McHardy authored and David S. Miller committed Jan 30, 2007
1 parent 7da5bfb commit adcb471
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion net/ipv4/netfilter/ip_conntrack_sip.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -292,7 +292,7 @@ static int skp_epaddr_len(const char *dptr, const char *limit, int *shift)
dptr++;
}

if (*dptr == '@') {
if (dptr <= limit && *dptr == '@') {
dptr++;
(*shift)++;
} else
Expand Down
2 changes: 1 addition & 1 deletion net/netfilter/nf_conntrack_sip.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -312,7 +312,7 @@ static int skp_epaddr_len(struct nf_conn *ct, const char *dptr,
dptr++;
}

if (*dptr == '@') {
if (dptr <= limit && *dptr == '@') {
dptr++;
(*shift)++;
} else
Expand Down

0 comments on commit adcb471

Please sign in to comment.