[Bug 1113] New: integer overflow in xt_TCPMSS
bugzilla-daemon at netfilter.org
bugzilla-daemon at netfilter.org
Thu Jan 19 06:34:54 CET 2017
https://bugzilla.netfilter.org/show_bug.cgi?id=1113
Bug ID: 1113
Summary: integer overflow in xt_TCPMSS
Product: netfilter/iptables
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: ip_tables (kernel)
Assignee: netfilter-buglog at lists.netfilter.org
Reporter: kondratev.pavel at gmail.com
Created attachment 491
--> https://bugzilla.netfilter.org/attachment.cgi?id=491&action=edit
patch 1
integer overflow in module when use ppp interfaces (may be not specific) and
broken packets (special generated)
--- /home/pavel/make/linux-3.16.39/net/netfilter/xt_TCPMSS.c 2016-11-20
06:17:41.000000000 +0500
+++ ./xt_TCPMSS.c 2016-04-05 13:32:05.000000000 +0500
@@ -126,7 +126,7 @@
newmss = info->mss;
opt = (u_int8_t *)tcph;
- for (i = sizeof(struct tcphdr); i <= tcp_hdrlen - TCPOLEN_MSS; i +=
optlen(opt, i)) {
+ for (i = sizeof(struct tcphdr); i + TCPOLEN_MSS <= tcp_hdrlen; i +=
optlen(opt, i)) {
if (opt[i] == TCPOPT_MSS && opt[i+1] == TCPOLEN_MSS) {
u_int16_t oldmss;
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20170119/963b8361/attachment.html>
More information about the netfilter-buglog
mailing list