Patch Detail

HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 2223683,
    "url": "http://patchwork.ozlabs.org/api/1.1/patches/2223683/?format=api",
    "web_url": "http://patchwork.ozlabs.org/project/netfilter-devel/patch/20260416013101.221555-3-pablo@netfilter.org/",
    "project": {
        "id": 26,
        "url": "http://patchwork.ozlabs.org/api/1.1/projects/26/?format=api",
        "name": "Netfilter Development",
        "link_name": "netfilter-devel",
        "list_id": "netfilter-devel.vger.kernel.org",
        "list_email": "netfilter-devel@vger.kernel.org",
        "web_url": null,
        "scm_url": null,
        "webscm_url": null
    },
    "msgid": "<20260416013101.221555-3-pablo@netfilter.org>",
    "date": "2026-04-16T01:30:49",
    "name": "[net,02/14] netfilter: nf_conntrack_sip: add bounds-checked port parsing helper",
    "commit_ref": null,
    "pull_url": null,
    "state": "superseded",
    "archived": true,
    "hash": "c7786a620e5e29cbffe9ed8e8f8fcb732c4b071a",
    "submitter": {
        "id": 1315,
        "url": "http://patchwork.ozlabs.org/api/1.1/people/1315/?format=api",
        "name": "Pablo Neira Ayuso",
        "email": "pablo@netfilter.org"
    },
    "delegate": {
        "id": 11902,
        "url": "http://patchwork.ozlabs.org/api/1.1/users/11902/?format=api",
        "username": "strlen",
        "first_name": "Florian",
        "last_name": "Westphal",
        "email": "fw@strlen.de"
    },
    "mbox": "http://patchwork.ozlabs.org/project/netfilter-devel/patch/20260416013101.221555-3-pablo@netfilter.org/mbox/",
    "series": [
        {
            "id": 500063,
            "url": "http://patchwork.ozlabs.org/api/1.1/series/500063/?format=api",
            "web_url": "http://patchwork.ozlabs.org/project/netfilter-devel/list/?series=500063",
            "date": "2026-04-16T01:30:47",
            "name": "[net,01/14] netfilter: nft_fwd_netdev: use recursion counter in neigh egress path",
            "version": 1,
            "mbox": "http://patchwork.ozlabs.org/series/500063/mbox/"
        }
    ],
    "comments": "http://patchwork.ozlabs.org/api/patches/2223683/comments/",
    "check": "pending",
    "checks": "http://patchwork.ozlabs.org/api/patches/2223683/checks/",
    "tags": {},
    "headers": {
        "Return-Path": "\n <netfilter-devel+bounces-11948-incoming=patchwork.ozlabs.org@vger.kernel.org>",
        "X-Original-To": [
            "incoming@patchwork.ozlabs.org",
            "netfilter-devel@vger.kernel.org"
        ],
        "Delivered-To": "patchwork-incoming@legolas.ozlabs.org",
        "Authentication-Results": [
            "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=netfilter.org header.i=@netfilter.org\n header.a=rsa-sha256 header.s=2025 header.b=vjthiwsb;\n\tdkim-atps=neutral",
            "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c15:e001:75::12fc:5321; helo=sin.lore.kernel.org;\n envelope-from=netfilter-devel+bounces-11948-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)",
            "smtp.subspace.kernel.org;\n\tdkim=pass (2048-bit key) header.d=netfilter.org header.i=@netfilter.org\n header.b=\"vjthiwsb\"",
            "smtp.subspace.kernel.org;\n arc=none smtp.client-ip=217.70.190.124",
            "smtp.subspace.kernel.org;\n dmarc=none (p=none dis=none) header.from=netfilter.org",
            "smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=netfilter.org"
        ],
        "Received": [
            "from sin.lore.kernel.org (sin.lore.kernel.org\n [IPv6:2600:3c15:e001:75::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fx0q24vwPz1yG9\n\tfor <incoming@patchwork.ozlabs.org>; Thu, 16 Apr 2026 11:31:42 +1000 (AEST)",
            "from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sin.lore.kernel.org (Postfix) with ESMTP id 538703041D00\n\tfor <incoming@patchwork.ozlabs.org>; Thu, 16 Apr 2026 01:31:21 +0000 (UTC)",
            "from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id CAC2D23505E;\n\tThu, 16 Apr 2026 01:31:13 +0000 (UTC)",
            "from mail.netfilter.org (mail.netfilter.org [217.70.190.124])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id B9D8A21B905;\n\tThu, 16 Apr 2026 01:31:11 +0000 (UTC)",
            "from localhost.localdomain (mail-agni [217.70.190.124])\n\tby mail.netfilter.org (Postfix) with ESMTPSA id A0C1660180;\n\tThu, 16 Apr 2026 03:31:09 +0200 (CEST)"
        ],
        "ARC-Seal": "i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1776303073; cv=none;\n b=eBGatmiP9hU7kZP60tG2hFWU+AcJn2o8S/7fDPezD219IZ2yRADO3fXMa9YBhPFgOxQrq7INrEOM406/5MnmuOEvGaFRstf0jVeEReN3h4Y61GQqoLGTwsgAf/u5RgD8IVAt+bqaRiHWm+A9KHHJ0lQsaxYG+mFKl0IuovFaabo=",
        "ARC-Message-Signature": "i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1776303073; c=relaxed/simple;\n\tbh=h9dzILytnraSyC4jJF1+qQRHVZdhYM7t0Dx8tdod588=;\n\th=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:\n\t MIME-Version:Content-Type;\n b=cQssngOSgshxodKC80AkIzhzl21b+unrri4AgblXjfeSIozREleMA8Gh32jD7l/O6bj5wHA2SwP9ZILJ+GsSx/WoeuHzkr5Cill31w47OAp4gig+7PgG32c44iGY/hV/1Uw4rpy4pkBD1+KqWFJEqNplVF88O0r0msd+upVSo18=",
        "ARC-Authentication-Results": "i=1; smtp.subspace.kernel.org;\n dmarc=none (p=none dis=none) header.from=netfilter.org;\n spf=pass smtp.mailfrom=netfilter.org;\n dkim=pass (2048-bit key) header.d=netfilter.org header.i=@netfilter.org\n header.b=vjthiwsb; arc=none smtp.client-ip=217.70.190.124",
        "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=netfilter.org;\n\ts=2025; t=1776303070;\n\tbh=eOKSVAkAUvqYwcEXVIlJ9lnNgAS+udtzZX7xRvXm5eg=;\n\th=From:To:Cc:Subject:Date:In-Reply-To:References:From;\n\tb=vjthiwsbOhu/Hig3/XgSqdPV1Mh11ZzuUFjoPc1VLtO+YP3MZlrX1gbBa/1EJdlXN\n\t S4wITuwRYJCtIfK42YWWpfbSVNeZDioJUw/qQMbjRZdLPoFn+yZ7yMoS5/TkVe6q4N\n\t 3/fdQ33p9LFCOEYhdCPxyJyZ4rxEuKxeMiKiRHTeywgJEwW9b9bL77Y7ZOFpBgJC1L\n\t zWkSjby37I+6YMvTsm6Cg4vKymw6v9KWGzpNLib3Ycp4IwyG9fWB4elp1S+mrj6kEy\n\t dRdR9Y6CLtISQH9RLhdcZMab/d9m8x5bGwrxUaIRs2IluqRYsv8k8i4GPR61x7QiFG\n\t lFZ6Qr9zXQ07Q==",
        "From": "Pablo Neira Ayuso <pablo@netfilter.org>",
        "To": "netfilter-devel@vger.kernel.org",
        "Cc": "davem@davemloft.net,\n\tnetdev@vger.kernel.org,\n\tkuba@kernel.org,\n\tpabeni@redhat.com,\n\tedumazet@google.com,\n\tfw@strlen.de,\n\thorms@kernel.org",
        "Subject": "[PATCH net 02/14] netfilter: nf_conntrack_sip: add bounds-checked\n port parsing helper",
        "Date": "Thu, 16 Apr 2026 03:30:49 +0200",
        "Message-ID": "<20260416013101.221555-3-pablo@netfilter.org>",
        "X-Mailer": "git-send-email 2.47.3",
        "In-Reply-To": "<20260416013101.221555-1-pablo@netfilter.org>",
        "References": "<20260416013101.221555-1-pablo@netfilter.org>",
        "Precedence": "bulk",
        "X-Mailing-List": "netfilter-devel@vger.kernel.org",
        "List-Id": "<netfilter-devel.vger.kernel.org>",
        "List-Subscribe": "<mailto:netfilter-devel+subscribe@vger.kernel.org>",
        "List-Unsubscribe": "<mailto:netfilter-devel+unsubscribe@vger.kernel.org>",
        "MIME-Version": "1.0",
        "Content-Type": "text/plain; charset=UTF-8",
        "Content-Transfer-Encoding": "8bit"
    },
    "content": "From: Jenny Guanni Qu <qguanni@gmail.com>\n\nReplace unsafe port parsing in epaddr_len(), ct_sip_parse_header_uri(),\nand ct_sip_parse_request() with a new sip_parse_port() helper that\nvalidates each digit against the buffer limit, eliminating the use of\nsimple_strtoul() which assumes NUL-terminated strings.\n\nThe previous code dereferenced pointers without bounds checks after\nsip_parse_addr() and relied on simple_strtoul() on non-NUL-terminated\nskb data. A port that reaches the buffer limit without a trailing\ncharacter is also rejected as malformed.\n\nBased on a suggestion by Florian Westphal.\n\n[ fw@strlen.de: make port range check unconditional ]\n\nFixes: 05e3ced297fe (\"[NETFILTER]: nf_conntrack_sip: introduce SIP-URI parsing helper\")\nReported-by: Klaudia Kloc <klaudia@vidocsecurity.com>\nReported-by: Dawid Moczadło <dawid@vidocsecurity.com>\nSuggested-by: Florian Westphal <fw@strlen.de>\nTested-by: Jenny Guanni Qu <qguanni@gmail.com>\nTested-by: Weiming Shi <bestswngs@gmail.com>\nSigned-off-by: Jenny Guanni Qu <qguanni@gmail.com>\nSigned-off-by: Florian Westphal <fw@strlen.de>\nSigned-off-by: Pablo Neira Ayuso <pablo@netfilter.org>\n---\n net/netfilter/nf_conntrack_sip.c | 80 +++++++++++++++++++++++---------\n 1 file changed, 57 insertions(+), 23 deletions(-)",
    "diff": "diff --git a/net/netfilter/nf_conntrack_sip.c b/net/netfilter/nf_conntrack_sip.c\nindex 939502ff7c87..38a55a3b3d19 100644\n--- a/net/netfilter/nf_conntrack_sip.c\n+++ b/net/netfilter/nf_conntrack_sip.c\n@@ -181,6 +181,57 @@ static int sip_parse_addr(const struct nf_conn *ct, const char *cp,\n \treturn 1;\n }\n \n+/* Parse optional port number after IP address.\n+ * Returns false on malformed input, true otherwise.\n+ * If port is non-NULL, stores parsed port in network byte order.\n+ * If no port is present, sets *port to default SIP port.\n+ */\n+static bool sip_parse_port(const char *dptr, const char **endp,\n+\t\t\t   const char *limit, __be16 *port)\n+{\n+\tunsigned int p = 0;\n+\tint len = 0;\n+\n+\tif (dptr >= limit)\n+\t\treturn false;\n+\n+\tif (*dptr != ':') {\n+\t\tif (port)\n+\t\t\t*port = htons(SIP_PORT);\n+\t\tif (endp)\n+\t\t\t*endp = dptr;\n+\t\treturn true;\n+\t}\n+\n+\tdptr++; /* skip ':' */\n+\n+\twhile (dptr < limit && isdigit(*dptr)) {\n+\t\tp = p * 10 + (*dptr - '0');\n+\t\tdptr++;\n+\t\tlen++;\n+\t\tif (len > 5) /* max \"65535\" */\n+\t\t\treturn false;\n+\t}\n+\n+\tif (len == 0)\n+\t\treturn false;\n+\n+\t/* reached limit while parsing port */\n+\tif (dptr >= limit)\n+\t\treturn false;\n+\n+\tif (p < 1024 || p > 65535)\n+\t\treturn false;\n+\n+\tif (port)\n+\t\t*port = htons(p);\n+\n+\tif (endp)\n+\t\t*endp = dptr;\n+\n+\treturn true;\n+}\n+\n /* skip ip address. returns its length. */\n static int epaddr_len(const struct nf_conn *ct, const char *dptr,\n \t\t      const char *limit, int *shift)\n@@ -193,11 +244,8 @@ static int epaddr_len(const struct nf_conn *ct, const char *dptr,\n \t\treturn 0;\n \t}\n \n-\t/* Port number */\n-\tif (*dptr == ':') {\n-\t\tdptr++;\n-\t\tdptr += digits_len(ct, dptr, limit, shift);\n-\t}\n+\tif (!sip_parse_port(dptr, &dptr, limit, NULL))\n+\t\treturn 0;\n \treturn dptr - aux;\n }\n \n@@ -241,7 +289,6 @@ int ct_sip_parse_request(const struct nf_conn *ct,\n {\n \tconst char *start = dptr, *limit = dptr + datalen, *end;\n \tunsigned int mlen;\n-\tunsigned int p;\n \tint shift = 0;\n \n \t/* Skip method and following whitespace */\n@@ -267,14 +314,8 @@ int ct_sip_parse_request(const struct nf_conn *ct,\n \n \tif (!sip_parse_addr(ct, dptr, &end, addr, limit, true))\n \t\treturn -1;\n-\tif (end < limit && *end == ':') {\n-\t\tend++;\n-\t\tp = simple_strtoul(end, (char **)&end, 10);\n-\t\tif (p < 1024 || p > 65535)\n-\t\t\treturn -1;\n-\t\t*port = htons(p);\n-\t} else\n-\t\t*port = htons(SIP_PORT);\n+\tif (!sip_parse_port(end, &end, limit, port))\n+\t\treturn -1;\n \n \tif (end == dptr)\n \t\treturn 0;\n@@ -509,7 +550,6 @@ int ct_sip_parse_header_uri(const struct nf_conn *ct, const char *dptr,\n \t\t\t    union nf_inet_addr *addr, __be16 *port)\n {\n \tconst char *c, *limit = dptr + datalen;\n-\tunsigned int p;\n \tint ret;\n \n \tret = ct_sip_walk_headers(ct, dptr, dataoff ? *dataoff : 0, datalen,\n@@ -520,14 +560,8 @@ int ct_sip_parse_header_uri(const struct nf_conn *ct, const char *dptr,\n \n \tif (!sip_parse_addr(ct, dptr + *matchoff, &c, addr, limit, true))\n \t\treturn -1;\n-\tif (*c == ':') {\n-\t\tc++;\n-\t\tp = simple_strtoul(c, (char **)&c, 10);\n-\t\tif (p < 1024 || p > 65535)\n-\t\t\treturn -1;\n-\t\t*port = htons(p);\n-\t} else\n-\t\t*port = htons(SIP_PORT);\n+\tif (!sip_parse_port(c, &c, limit, port))\n+\t\treturn -1;\n \n \tif (dataoff)\n \t\t*dataoff = c - dptr;\n",
    "prefixes": [
        "net",
        "02/14"
    ]
}