[Bug 1072] coredump when parsing ip protocol with number > 6

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Mon Jun 6 21:55:37 CEST 2016


https://bugzilla.netfilter.org/show_bug.cgi?id=1072

Florian Westphal <fw at strlen.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fw at strlen.de

--- Comment #1 from Florian Westphal <fw at strlen.de> ---
(In reply to frederik.schwan from comment #0)
> My goal: filter GRE (IP proto 47) traffic
> This rule gives me a coredump when I try to load it:
> ip protocol 47 ip saddr x.x.x.x accept

Thanks, this is a regression from 0.5 when we don't have
the higher-level protocol.

Fix is

diff --git a/src/payload.c b/src/payload.c
--- a/src/payload.c
+++ b/src/payload.c
@@ -85,6 +85,9 @@ static void payload_expr_pctx_update(struct proto_ctx *ctx,
        base = ctx->protocol[left->payload.base].desc;
        desc = proto_find_upper(base, proto);

+       if (!desc)
+               return;
+
        assert(desc->base <= PROTO_BASE_MAX);
        if (desc->base == base->base) {
                assert(base->length > 0);
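
Review bot: The new "if (!desc) return;" placed ahead of "assert(desc->base <= PROTO_BASE_MAX);" carries no comment saying when proto_find_upper() returns NULL or why leaving ctx untouched is the intended result. A short comment above the check, for example "no description for this upper-layer protocol, nothing to update", would record that the early return is deliberate and not just a way to get past the dereference in the assert. A regression test that loads the rule from comment #0 ("ip protocol 47 ip saddr x.x.x.x accept") would also be worth adding with the patch.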

I'll send a patch.
