Date: Mon, 4 Jul 2016 19:43:45 +0800
From: Liping Zhang <zlpnobody@...il.com>
To: Christophe Leroy <christophe.leroy@....fr>
Cc: Pablo Neira Ayuso <pablo@...filter.org>, Patrick McHardy <kaber@...sh.net>, Jozsef Kadlecsik <kadlec@...ckhole.kfki.hu>, "David S. Miller" <davem@...emloft.net>, netfilter-devel@...r.kernel.org, coreteam@...filter.org, netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] netfilter: nf_conntrack_sip: CSeq 0 is a valid CSeq

2016-07-04 14:14 GMT+08:00 Christophe Leroy <christophe.leroy@....fr>:
>> I think there is no need to convert simple_strtoul to kstrtouint, adding
>> a further check seems better?
>> Like this:
>> - if (!cseq) {
>> + if (!cseq && *(*dptr + matchoff) != '0') {
>>
>
> And what about an invalid CSeq that would look like CSeq: 0abzk852 ?
> Should we check it is 0 + space instead ?

In this case, i.e. some stupid SIP clients set CSeq to "0abzk852", your patch will also fail to detect this "error", because for "CSeq", int (*match_len)(...) points to digits_len (see the struct sip_header ct_sip_hdrs definition).

So in this case match_len will just be set to ONE (not sizeof("0abzk852")-1), and then cseq will be parsed as 0 by kstrtouint, not as an error.
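Review bot: the added test in `+ if (!cseq && *(*dptr + matchoff) != '0') {` looks only at the first byte of the matched value, so any field that merely starts with '0' is accepted as a valid zero. Consider also checking what follows the matched digits (for example that the next character is whitespace), so the zero case is accepted only when the whole number is well formed. A short comment explaining why a zero result from the conversion is no longer treated as an error would also help the next reader.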
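The behaviour described in the reply above, as an added example (not code from the thread or from the kernel): a user-space model in which a digits-only length matcher delimits the CSeq number, so "0abzk852" yields a one-character match that would parse as 0. `model_digits_len`, `parse_cseq` and the status names are hypothetical, and requiring a space or tab after the digits is an assumption that follows the "0 + space" suggestion quoted above.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical user-space model: length of the leading run of decimal
 * digits, the way a digits-only matcher delimits the CSeq number. */
static int model_digits_len(const char *p, const char *limit)
{
    int len = 0;
    while (p + len < limit && isdigit((unsigned char)p[len]))
        len++;
    return len;
}

enum cseq_status { CSEQ_OK, CSEQ_NO_DIGITS, CSEQ_TRAILING_JUNK, CSEQ_RANGE };

/* Strict parse of a CSeq header value such as "0 INVITE". Zero is a valid
 * result; errors are reported through the status, never through *out. */
static enum cseq_status parse_cseq(const char *value, unsigned int *out)
{
    int len = model_digits_len(value, value + strlen(value));
    unsigned long long v = 0;
    if (len == 0)
        return CSEQ_NO_DIGITS;
    for (int i = 0; i < len; i++) {
        v = v * 10 + (unsigned int)(value[i] - '0');
        if (v > 0xFFFFFFFFull)
            return CSEQ_RANGE;          /* does not fit in 32 bits */
    }
    /* Assumption: the number must be followed by a space or tab. */
    if (value[len] != ' ' && value[len] != '\t')
        return CSEQ_TRAILING_JUNK;      /* e.g. "0abzk852" */
    *out = (unsigned int)v;
    return CSEQ_OK;
}

int main(void)
{
    /* Constructed sample header values. */
    const char *samples[] = { "0 INVITE", "0abzk852 INVITE", "abc", "4294967296 INVITE" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        unsigned int v = 0;
        enum cseq_status st = parse_cseq(samples[i], &v);
        printf("%-20s match_len=%d status=%d value=%u\n", samples[i],
               model_digits_len(samples[i], samples[i] + strlen(samples[i])), st, v);
    }
    return 0;
}
```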