lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 6 Apr 2013 14:04:10 +0200 From: Pablo Neira Ayuso <pablo@...filter.org> To: Patrick McHardy <kaber@...sh.net> Cc: netfilter-devel@...r.kernel.org, netdev@...r.kernel.org Subject: Re: [PATCH] netfilter: nf_conntrack_sip: don't drop packets with offsets pointing outside the packet On Fri, Apr 05, 2013 at 08:13:30PM +0200, Patrick McHardy wrote: > Some Cisco phones create huge messages that are spread over multiple packets. > After calculating the offset of the SIP body, it is validated to be within > the packet and the packet is dropped otherwise. This breaks operation of > these phones. Since connection tracking is supposed to be passive, just let > those packets pass unmodified and untracked. Applied, thanks -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists