Gh0st
/
linux
mirror of https://github.com/torvalds/linux.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
linux/net/ipv4/netfilter
History
Patrick McHardy f4a87e7bd2 netfilter: synproxy: fix BUG_ON triggered by corrupt TCP packets 
TCP packets hitting the SYN proxy through the SYNPROXY target are not
validated by TCP conntrack. When th->doff is below 5, an underflow happens
when calculating the options length, causing skb_header_pointer() to
return NULL and triggering the BUG_ON().

Handle this case gracefully by checking for NULL instead of using BUG_ON().

Reported-by: Martin Topholm <mph@one.com>
Tested-by: Martin Topholm <mph@one.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 		2013-09-30 12:44:38 +02:00
..
Kconfig netfilter: add SYNPROXY core/target 2013-08-28 00:27:54 +02:00
Makefile netfilter: add SYNPROXY core/target 2013-08-28 00:27:54 +02:00
arp_tables.c
arpt_mangle.c
arptable_filter.c
ip_tables.c
ipt_CLUSTERIP.c
ipt_ECN.c
ipt_MASQUERADE.c netfilter: nf_conntrack: don't send destroy events from iterator 2013-08-09 12:03:33 +02:00
ipt_REJECT.c netfilter: ip[6]t_REJECT: tcp-reset using wrong MAC source if bridged 2013-08-28 00:13:12 +02:00
ipt_SYNPROXY.c netfilter: synproxy: fix BUG_ON triggered by corrupt TCP packets 2013-09-30 12:44:38 +02:00
ipt_ULOG.c
ipt_ah.c
ipt_rpfilter.c
iptable_filter.c
iptable_mangle.c
iptable_nat.c
iptable_raw.c
iptable_security.c
nf_conntrack_l3proto_ipv4.c netfilter: nf_conntrack: make sequence number adjustments usuable without NAT 2013-08-28 00:26:48 +02:00
nf_conntrack_l3proto_ipv4_compat.c
nf_conntrack_proto_icmp.c
nf_defrag_ipv4.c
nf_nat_h323.c
nf_nat_l3proto_ipv4.c
nf_nat_pptp.c
nf_nat_proto_gre.c
nf_nat_proto_icmp.c
nf_nat_snmp_basic.c