GET

Patch Detail

get:
Show a patch.

patch:
Update a patch.

put:
Update a patch.

GET /api/patches/2221977/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 2221977,
    "url": "http://patchwork.ozlabs.org/api/patches/2221977/?format=api",
    "web_url": "http://patchwork.ozlabs.org/project/netfilter-devel/patch/20260410140843.52027-1-giuseppecaruso0990@gmail.com/",
    "project": {
        "id": 26,
        "url": "http://patchwork.ozlabs.org/api/projects/26/?format=api",
        "name": "Netfilter Development",
        "link_name": "netfilter-devel",
        "list_id": "netfilter-devel.vger.kernel.org",
        "list_email": "netfilter-devel@vger.kernel.org",
        "web_url": null,
        "scm_url": null,
        "webscm_url": null,
        "list_archive_url": "",
        "list_archive_url_format": "",
        "commit_url_format": ""
    },
    "msgid": "<20260410140843.52027-1-giuseppecaruso0990@gmail.com>",
    "list_archive_url": null,
    "date": "2026-04-10T14:08:43",
    "name": "[2/2] netfilter: validate values parsed by try_number",
    "commit_ref": null,
    "pull_url": null,
    "state": "new",
    "archived": false,
    "hash": "5a20b2e9311d9dd5922e1181c3206ece85213da6",
    "submitter": {
        "id": 93114,
        "url": "http://patchwork.ozlabs.org/api/people/93114/?format=api",
        "name": "Cyber-JA",
        "email": "giuseppecaruso0990@gmail.com"
    },
    "delegate": null,
    "mbox": "http://patchwork.ozlabs.org/project/netfilter-devel/patch/20260410140843.52027-1-giuseppecaruso0990@gmail.com/mbox/",
    "series": [
        {
            "id": 499464,
            "url": "http://patchwork.ozlabs.org/api/series/499464/?format=api",
            "web_url": "http://patchwork.ozlabs.org/project/netfilter-devel/list/?series=499464",
            "date": "2026-04-10T13:57:33",
            "name": "[1/2] netfilter fix u16 overflow in get_port()",
            "version": 1,
            "mbox": "http://patchwork.ozlabs.org/series/499464/mbox/"
        }
    ],
    "comments": "http://patchwork.ozlabs.org/api/patches/2221977/comments/",
    "check": "pending",
    "checks": "http://patchwork.ozlabs.org/api/patches/2221977/checks/",
    "tags": {},
    "related": [],
    "headers": {
        "Return-Path": "\n <netfilter-devel+bounces-11813-incoming=patchwork.ozlabs.org@vger.kernel.org>",
        "X-Original-To": [
            "incoming@patchwork.ozlabs.org",
            "netfilter-devel@vger.kernel.org"
        ],
        "Delivered-To": "patchwork-incoming@legolas.ozlabs.org",
        "Authentication-Results": [
            "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256\n header.s=20251104 header.b=Z7RvrodS;\n\tdkim-atps=neutral",
            "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c09:e001:a7::12fc:5321; helo=sto.lore.kernel.org;\n envelope-from=netfilter-devel+bounces-11813-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)",
            "smtp.subspace.kernel.org;\n\tdkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com\n header.b=\"Z7RvrodS\"",
            "smtp.subspace.kernel.org;\n arc=none smtp.client-ip=209.85.221.48",
            "smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=gmail.com",
            "smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=gmail.com"
        ],
        "Received": [
            "from sto.lore.kernel.org (sto.lore.kernel.org\n [IPv6:2600:3c09:e001:a7::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fsdvW1vJQz1yGb\n\tfor <incoming@patchwork.ozlabs.org>; Sat, 11 Apr 2026 00:08:55 +1000 (AEST)",
            "from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sto.lore.kernel.org (Postfix) with ESMTP id 6D51F301ED97\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 10 Apr 2026 14:08:52 +0000 (UTC)",
            "from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 5215F3CC9F5;\n\tFri, 10 Apr 2026 14:08:51 +0000 (UTC)",
            "from mail-wr1-f48.google.com (mail-wr1-f48.google.com\n [209.85.221.48])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id 774C93A75B9\n\tfor <netfilter-devel@vger.kernel.org>; Fri, 10 Apr 2026 14:08:49 +0000 (UTC)",
            "by mail-wr1-f48.google.com with SMTP id\n ffacd0b85a97d-43d572f7437so1448855f8f.1\n        for <netfilter-devel@vger.kernel.org>;\n Fri, 10 Apr 2026 07:08:49 -0700 (PDT)",
            "from kali.station (net-2-39-22-72.cust.vodafonedsl.it. [2.39.22.72])\n        by smtp.gmail.com with ESMTPSA id\n ffacd0b85a97d-43d63e462fdsm7276172f8f.22.2026.04.10.07.08.47\n        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n        Fri, 10 Apr 2026 07:08:47 -0700 (PDT)"
        ],
        "ARC-Seal": "i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1775830130; cv=none;\n b=dTCC7jvLrbLWGaqSHRw5kZR5HuQkXMwt/gcP4rtPWxDmdaO0QTc8Wvo5hj4m8hJUXsonHvU0G4/vtpImR6SQlpsX5xGHZfr3N1pdbETfGNJ4JIAIPaRoxyrOJEXQ8bTZk4ab3IlI/xtRft6n2AU0k8UY23iwlUcMGihfqGPZZ+Q=",
        "ARC-Message-Signature": "i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1775830130; c=relaxed/simple;\n\tbh=Jfy2usjb7LD5diX+bK57ihlhuNRqd/S/obMi4Uou+C4=;\n\th=From:To:Cc:Subject:Date:Message-ID:MIME-Version;\n b=B7oSQuGlDNxZStWFF3GfKZthQhfIOQwCZ7tAMqgGdtJ3vJmjp5wDubvVzgWPvTubMQ31/imBSq5OtCcxL06lOb7ufi3BWUUxvVrPnhxs98CBYa2i1INU9tdGJiJ8BEYo3qCASKoiVH4KYIiacOyilogAnPCiyYoxvCakVcORTV8=",
        "ARC-Authentication-Results": "i=1; smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=gmail.com;\n spf=pass smtp.mailfrom=gmail.com;\n dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com\n header.b=Z7RvrodS; arc=none smtp.client-ip=209.85.221.48",
        "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n        d=gmail.com; s=20251104; t=1775830128; x=1776434928;\n darn=vger.kernel.org;\n        h=content-transfer-encoding:mime-version:message-id:date:subject:cc\n         :to:from:from:to:cc:subject:date:message-id:reply-to;\n        bh=aK+3YdeKNNJBdXuNMI1GNmLQlCMgDOjeM6utJ1G5yTg=;\n        b=Z7RvrodS43h+b1+a6//5902vMsOLFTUeqfXODh3+vqshZhF1J7XFE6ti4wpv9HQLGG\n         e1v4URDjXalZ/QhJr0BgY7RhErT3SppFbtndcIvpMsMfl7vvLWVZmqhhEMBKrp52qiJ9\n         07CRMaHPP4NEJ0v3sIFAr8sblrzSnrnXKM8+MrkMKbBIs1OS57qliAByf1Y8DikMvLJj\n         7l5QYfA9n9IHPf81PnWwv1h3xkCC7N/KnsIGJleqaV9m0M8GtPpBDKEO21gdeUyqimbz\n         8dkvBebDLRbJ22P8c8Svfe7cA6N+A4pH5tgeqxw+srVy7XWSXJ+aAsK+SGJpeHpVErpm\n         Fcpg==",
        "X-Google-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n        d=1e100.net; s=20251104; t=1775830128; x=1776434928;\n        h=content-transfer-encoding:mime-version:message-id:date:subject:cc\n         :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date\n         :message-id:reply-to;\n        bh=aK+3YdeKNNJBdXuNMI1GNmLQlCMgDOjeM6utJ1G5yTg=;\n        b=jsYvITTV39VQt51OxBuF0fuExeyG5d4euHEf/s+TySEfZ3wclcqOkNKIBCa2cqB8CN\n         4UVMYm4ej0DIm/gmCwJ0XtCys/FO7MhNyKeEgY4QnAINtklxap0okLgD9pv9mLJOFFN2\n         W9zgt1GvvJcS+Kh8h24q9mjyoXjHnxTq4xJ+6FdZMFfyNEYpxbTgTINiaRLtAYTPlbcZ\n         6IfccTcfhjTVleyQr6ebWjn//DtGGWB+AVLsXyzPf1bggBazZRribFwNC63V+LK3co1f\n         Pn1Q0t8YHbUDlrS7qjR0FaB3K1AmeqeNQRDXzfMMY+pQtZx9gJTzqi5P1QikNTPy0RhN\n         AFeg==",
        "X-Gm-Message-State": "AOJu0YwitxGacopXrGhaNIt+PXk4ETnr/edg28KA3e8xFcuzyZfqM7Xn\n\tO4Wg4+nXDbMBS33Lk1ZNDj36ni8GObJ3I/Wg+lzdr3hA+fDuVKreRG9TphZfas8sd5kYVw==",
        "X-Gm-Gg": "AeBDievUU3JnbzA46PekAHBV5cy547Tv+p0PpCkL4q4ICgbkUedLnLzXyqNLa3r18OG\n\tDN1XqmJ/ahWv2FsY20Di0sQwcVH5N/72+pRzGk9pAoQPrsqbEujp+3whVpcApt72Nhd7IQ1Rv1k\n\tV3cnANZLB8RiAuXVDauuZXPwAQRR7f4fvzFyS7c+nEFRW30rNIbwsY0H2e7GCKCAqR61SA7bIE3\n\tZqwAd4oa/7Dyu5EeQpAd7mVWB6DpHrlq1z8EzB3jKBeF9ztv74L8LuJ6vrBwoFSNBcedZKijDnX\n\tUTEykAzQPDA9IoP8BwT93c8CsRkne3vHkeJ7YK4t2HrKwWot+Zs5UJzN9mHVXlXNhzKHdiqUXTf\n\tDT4xWUMqhwtU6i/faGU0E/a7mUtGM9CUAjYPtWTKiwK3JL1mdxBAX2bDNTMF54yGoNErnHUQIAi\n\tG2DProMauCuagJPfae9aVEH4TAE/QCaDPYCLDq/Fach20+fmBD7xZxe4I0HknQbK2c/bEp",
        "X-Received": "by 2002:a05:6000:2403:b0:43d:4b00:9ee7 with SMTP id\n ffacd0b85a97d-43d642d1b1cmr4856702f8f.33.1775830127576;\n        Fri, 10 Apr 2026 07:08:47 -0700 (PDT)",
        "From": "Cyber-JA <giuseppecaruso0990@gmail.com>",
        "To": "netfilter-devel@vger.kernel.org",
        "Cc": "Cyber-JA <giuseppecaruso0990@gmail.com>",
        "Subject": "[PATCH 2/2] netfilter: validate values parsed by try_number",
        "Date": "Fri, 10 Apr 2026 10:08:43 -0400",
        "Message-ID": "<20260410140843.52027-1-giuseppecaruso0990@gmail.com>",
        "X-Mailer": "git-send-email 2.53.0",
        "Precedence": "bulk",
        "X-Mailing-List": "netfilter-devel@vger.kernel.org",
        "List-Id": "<netfilter-devel.vger.kernel.org>",
        "List-Subscribe": "<mailto:netfilter-devel+subscribe@vger.kernel.org>",
        "List-Unsubscribe": "<mailto:netfilter-devel+unsubscribe@vger.kernel.org>",
        "MIME-Version": "1.0",
        "Content-Transfer-Encoding": "8bit"
    },
    "content": "try_number() parses comma-separated decimal values from FTP PORT and\nEPRT commands into a u_int32_t array, but does not validate that each\nvalue fits in a single octet. RFC 959 specifies that PORT parameters\nare decimal integers in the range 0-255, representing the four octets\nof an IP address followed by two octets encoding the port number.\n\nValues exceeding 255 are silently accepted. In try_rfc959(), the raw\nu32 values are combined via shift-and-OR to form the IP and port:\n\n  cmd->u3.ip = htonl((array[0] << 24) | (array[1] << 16) |\n                     (array[2] << 8) | array[3]);\n  cmd->u.tcp.port = htons((array[4] << 8) | array[5]);\n\nWhen array elements exceed 255, bits from one field bleed into adjacent\nfields after shifting, producing IP addresses and port numbers that\ndiffer from what the text representation suggests. For example,\n\"PORT 10,0,1,2,256,22\" yields port (256<<8)|22 = 65558, truncated to\nu16 = 22. This mismatch between the textual and computed values can\nconfuse network monitoring tools that parse FTP commands independently.\n\nReject the command by returning 0 (no match) when any accumulated\nvalue exceeds 255.\n\nSigned-off-by: Giuseppe Caruso <giuseppecaruso0990@gmail.com>\n---\n net/netfilter/nf_conntrack_ftp.c | 4 ++++\n 1 file changed, 4 insertions(+)",
    "diff": "diff --git a/net/netfilter/nf_conntrack_ftp.c b/net/netfilter/nf_conntrack_ftp.c\nindex 5e00f9123c38..12a6d9dd16a5 100644\n--- a/net/netfilter/nf_conntrack_ftp.c\n+++ b/net/netfilter/nf_conntrack_ftp.c\n@@ -126,6 +126,10 @@ static int try_number(const char *data, size_t dlen, u_int32_t array[],\n \tfor (i = 0, len = 0; len < dlen && i < array_size; len++, data++) {\n \t\tif (*data >= '0' && *data <= '9') {\n \t\t\tarray[i] = array[i]*10 + *data - '0';\n+\t\t\tif (array[i] > 255) {\n+\t\t\t\tpr_debug(\"try_number: %u > 255\\n\", array[i]);\n+\t\t\t\treturn 0;\n+\t\t\t}\n \t\t}\n \t\telse if (*data == sep)\n \t\t\ti++;\n",
    "prefixes": [
        "2/2"
    ]
}