Gh0st
/
linux
mirror of https://github.com/torvalds/linux.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
linux/include/net/netfilter
History
Patrick McHardy f4a87e7bd2 netfilter: synproxy: fix BUG_ON triggered by corrupt TCP packets 
TCP packets hitting the SYN proxy through the SYNPROXY target are not
validated by TCP conntrack. When th->doff is below 5, an underflow happens
when calculating the options length, causing skb_header_pointer() to
return NULL and triggering the BUG_ON().

Handle this case gracefully by checking for NULL instead of using BUG_ON().

Reported-by: Martin Topholm <mph@one.com>
Tested-by: Martin Topholm <mph@one.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 		2013-09-30 12:44:38 +02:00
..
ipv4
ipv6
nf_conntrack.h netfilter: nf_conntrack: don't send destroy events from iterator 2013-08-09 12:03:33 +02:00
nf_conntrack_acct.h
nf_conntrack_core.h
nf_conntrack_ecache.h
nf_conntrack_expect.h
nf_conntrack_extend.h netfilter: nf_conntrack: use RCU safe kfree for conntrack extensions 2013-09-13 11:58:40 +02:00
nf_conntrack_helper.h
nf_conntrack_l3proto.h
nf_conntrack_l4proto.h
nf_conntrack_labels.h
nf_conntrack_seqadj.h netfilter: add SYNPROXY core/target 2013-08-28 00:27:54 +02:00
nf_conntrack_synproxy.h netfilter: synproxy: fix BUG_ON triggered by corrupt TCP packets 2013-09-30 12:44:38 +02:00
nf_conntrack_timeout.h
nf_conntrack_timestamp.h
nf_conntrack_tuple.h
nf_conntrack_zones.h
nf_log.h
nf_nat.h netfilter: nf_conntrack: make sequence number adjustments usuable without NAT 2013-08-28 00:26:48 +02:00
nf_nat_core.h
nf_nat_helper.h netfilter: nf_conntrack: make sequence number adjustments usuable without NAT 2013-08-28 00:26:48 +02:00
nf_nat_l3proto.h
nf_nat_l4proto.h
nf_queue.h
nfnetlink_log.h
nfnetlink_queue.h netfilter: nfnetlink_queue: allow to attach expectations to conntracks 2013-08-13 16:32:10 +02:00
xt_log.h
xt_rateest.h