[conntrack-tools] sync-mode: check if message type is >= NET_T_STATE_MAX before parsing

Pablo Neira netfilter-cvslog-bounces at lists.netfilter.org
Sat Dec 13 19:46:13 CET 2008


Gitweb:		http://git.netfilter.org/cgi-bin/gitweb.cgi?p=conntrack-tools.git;a=commit;h=aa36f86194a51c776810ced5c3a6dcead30243fa
commit aa36f86194a51c776810ced5c3a6dcead30243fa
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Sat Dec 13 19:45:53 2008 +0100
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Sat Dec 13 19:45:53 2008 +0100

    sync-mode: check if message type is >= NET_T_STATE_MAX before parsing
    
    This patch adds message-type checking before we parse the message.
    Thus, we skip the parsing of messages with bad types.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
       via  aa36f86194a51c776810ced5c3a6dcead30243fa (commit)
      from  08f59121eb907802d490601f5e54dcd0fbc1d695 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit aa36f86194a51c776810ced5c3a6dcead30243fa
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Sat Dec 13 19:45:53 2008 +0100

    sync-mode: check if message type is >= NET_T_STATE_MAX before parsing
    
    This patch adds message-type checking before we parse the message.
    Thus, we skip the parsing of messages with bad types.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

-----------------------------------------------------------------------

 src/sync-mode.c |    5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/src/sync-mode.c b/src/sync-mode.c
index b2b78ad..6aad8f7 100644
--- a/src/sync-mode.c
+++ b/src/sync-mode.c
@@ -59,6 +59,11 @@ static void do_mcast_handler_step(struct nethdr *net, size_t remain)
 			break;
 	}
 
+	if (net->type > NET_T_STATE_MAX) {
+		STATE(malformed)++;
+		dlog(LOG_ERR, "bad state message type");
+		return;
+	}
 	memset(ct, 0, sizeof(__ct));
 
 	if (parse_payload(ct, net, remain) == -1) {
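
Review bot: the comparison in the added block of do_mcast_handler_step() is "net->type > NET_T_STATE_MAX", but the commit subject says the type is checked for ">= NET_T_STATE_MAX", so the two disagree on the boundary value. If NET_T_STATE_MAX is a one-past-the-last sentinel rather than the highest valid type, a message whose type equals NET_T_STATE_MAX still passes this check and reaches parse_payload(). Either change the test to ">=" or correct the subject line so that code and description match. Separately, the dlog() text "bad state message type" does not include the offending net->type value. Logging it alongside the STATE(malformed) counter would make it possible to tell a version-mismatched peer from corrupted or hostile traffic.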


