[netfilter-cvslog] r7290 - in trunk/conntrack-tools: . src
pablo at netfilter.org
pablo at netfilter.org
Wed Jan 23 12:38:30 CET 2008
Author: pablo at netfilter.org
Date: 2008-01-23 12:38:30 +0100 (Wed, 23 Jan 2008)
New Revision: 7290
Modified:
trunk/conntrack-tools/ChangeLog
trunk/conntrack-tools/src/sync-mode.c
Log:
Max Kellermann <max at duempel.org>:
check if the received packet is large enough
Minor changes by the committer
Modified: trunk/conntrack-tools/ChangeLog
===================================================================
--- trunk/conntrack-tools/ChangeLog 2008-01-23 11:13:18 UTC (rev 7289)
+++ trunk/conntrack-tools/ChangeLog 2008-01-23 11:38:30 UTC (rev 7290)
@@ -93,6 +93,7 @@
o fix error checking of local_create_server()
o added struct local_server, several cleanups in local socket infrastructure
o remove unused prototypes in network.h
+o check if the received packet is large enough
version 0.9.5 (2007/07/29)
------------------------------
Modified: trunk/conntrack-tools/src/sync-mode.c
===================================================================
--- trunk/conntrack-tools/src/sync-mode.c 2008-01-23 11:13:18 UTC (rev 7289)
+++ trunk/conntrack-tools/src/sync-mode.c 2008-01-23 11:38:30 UTC (rev 7290)
@@ -99,6 +99,11 @@
while (remain > 0) {
struct nethdr *net = (struct nethdr *) ptr;
+ if (remain < NETHDR_SIZ) {
+ STATE(malformed)++;
+ break;
+ }
+
if (ntohs(net->len) > remain) {
dlog(LOG_ERR, "fragmented messages");
break;
More information about the netfilter-cvslog
mailing list