lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <BANLkTikt_N-1HJfcFu241WX4+XuNVDF+5w@mail.gmail.com>
Date:	Sat, 21 May 2011 23:31:05 +0800
From:	Changli Gao <xiaosuo@...il.com>
To:	Mansour Moufid <mansourmoufid@...il.com>
Cc:	kaber@...sh.net, netfilter-devel@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] netfilter: nf_conntrack_ftp: prevent integer overflows in get_port()

On Thu, May 5, 2011 at 6:31 AM, Mansour Moufid <mansourmoufid@...il.com> wrote:
> From: Mansour Moufid <mansourmoufid@...il.com>
>
> This patch prevents potential integer overflows from occurring in the
> port number parsing function `get_port', in the file
> net/netfilter/nf_conntrack_ftp.c; related constants are defined in
> include/linux/kernel.h. This applies to stable version 2.6.38.5.
>
> The concern is a firewall could be made to open an otherwise closed
> port. For example, get_port("65558?", 0, 6, '?', foo) currently
> returns 22 in *foo.
>

It isn't a serious problem. If an attacker can control the contents,
he can just give a valid port 22 instead of utilizing this integer
overflow.

-- 
Regards,
Changli Gao(xiaosuo@...il.com)
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ