Message ID | CAML0wpGWvcpB5GE_zAjOeO6ki_nszaj+hR9yyadwu_3hQno7Cg@mail.gmail.com |
---|---|
State | Superseded |
Delegated to: | Pablo Neira |
Headers | show |
I'm a bit new to this; is this patch OK? On Tue, May 3, 2016 at 1:12 AM, Toby DiPasquale <toby@cbcg.net> wrote: > On Mon, Apr 25, 2016 at 11:29 AM, Florian Westphal <fw@strlen.de> wrote: >> -> sz (size_t) will underflow here >> >> I'd suggest to change the if (sz < 1) to if (sz < 2) to >> resolve this, the while loop below has to be taken anyway. > > Thanks, Florian! Updated patch below: > > Signed-off-by: Toby DiPasquale <toby@cbcg.net> > > diff --git a/net/netfilter/nf_conntrack_h323_asn1.c > b/net/netfilter/nf_conntrack_h323_asn1.c > index bcd5ed6..89b2e46 100644 > --- a/net/netfilter/nf_conntrack_h323_asn1.c > +++ b/net/netfilter/nf_conntrack_h323_asn1.c > @@ -846,9 +846,10 @@ int DecodeQ931(unsigned char *buf, size_t sz, Q931 *q931) > sz -= len; > > /* Message Type */ > - if (sz < 1) > + if (sz < 2) > return H323_ERROR_BOUND; > q931->MessageType = *p++; > + sz--; > PRINT("MessageType = %02X\n", q931->MessageType); > if (*p & 0x80) { > p++;
Is this latest patch OK? On Tue, May 3, 2016 at 1:12 AM, Toby DiPasquale <toby@cbcg.net> wrote: > On Mon, Apr 25, 2016 at 11:29 AM, Florian Westphal <fw@strlen.de> wrote: >> -> sz (size_t) will underflow here >> >> I'd suggest to change the if (sz < 1) to if (sz < 2) to >> resolve this, the while loop below has to be taken anyway. > > Thanks, Florian! Updated patch below: > > Signed-off-by: Toby DiPasquale <toby@cbcg.net> > > diff --git a/net/netfilter/nf_conntrack_h323_asn1.c > b/net/netfilter/nf_conntrack_h323_asn1.c > index bcd5ed6..89b2e46 100644 > --- a/net/netfilter/nf_conntrack_h323_asn1.c > +++ b/net/netfilter/nf_conntrack_h323_asn1.c > @@ -846,9 +846,10 @@ int DecodeQ931(unsigned char *buf, size_t sz, Q931 *q931) > sz -= len; > > /* Message Type */ > - if (sz < 1) > + if (sz < 2) > return H323_ERROR_BOUND; > q931->MessageType = *p++; > + sz--; > PRINT("MessageType = %02X\n", q931->MessageType); > if (*p & 0x80) { > p++;
Toby DiPasquale <toby@cbcg.net> wrote:
> Is this latest patch OK?
Yes, I don't know why it wasn't applied yet.
Pablo?
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
On Mon, Jun 06, 2016 at 04:35:55PM +0200, Florian Westphal wrote: > Toby DiPasquale <toby@cbcg.net> wrote: > > Is this latest patch OK? > > Yes, I don't know why it wasn't applied yet. > > Pablo? This doesn't apply. $ git am /tmp/off-by-one-in-DecodeQ931.patch -s Applying: off-by-one in DecodeQ931 error: patch failed: net/netfilter/nf_conntrack_h323_asn1.c:846 error: net/netfilter/nf_conntrack_h323_asn1.c: patch does not apply Patch failed at 0001 off-by-one in DecodeQ931 The copy of the patch that failed is found in: patch When you have resolved this problem, run "git am --continue". If you prefer to skip this patch, run "git am --skip" instead. To restore the original branch and stop patching, run "git am --abort". Could you resubmit using git-format-patch? Thanks. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Attached is the patch generated with git format-patch. On Mon, Jun 6, 2016 at 10:55 AM, Pablo Neira Ayuso <pablo@netfilter.org> wrote: > On Mon, Jun 06, 2016 at 04:35:55PM +0200, Florian Westphal wrote: >> Toby DiPasquale <toby@cbcg.net> wrote: >> > Is this latest patch OK? >> >> Yes, I don't know why it wasn't applied yet. >> >> Pablo? > > This doesn't apply. > > $ git am /tmp/off-by-one-in-DecodeQ931.patch -s > Applying: off-by-one in DecodeQ931 > error: patch failed: net/netfilter/nf_conntrack_h323_asn1.c:846 > error: net/netfilter/nf_conntrack_h323_asn1.c: patch does not apply > Patch failed at 0001 off-by-one in DecodeQ931 > The copy of the patch that failed is found in: > patch > When you have resolved this problem, run "git am --continue". > If you prefer to skip this patch, run "git am --skip" instead. > To restore the original branch and stop patching, run "git am --abort". > > Could you resubmit using git-format-patch? Thanks.
diff --git a/net/netfilter/nf_conntrack_h323_asn1.c b/net/netfilter/nf_conntrack_h323_asn1.c index bcd5ed6..89b2e46 100644 --- a/net/netfilter/nf_conntrack_h323_asn1.c +++ b/net/netfilter/nf_conntrack_h323_asn1.c @@ -846,9 +846,10 @@ int DecodeQ931(unsigned char *buf, size_t sz, Q931 *q931) sz -= len; /* Message Type */ - if (sz < 1) + if (sz < 2) return H323_ERROR_BOUND; q931->MessageType = *p++; + sz--; PRINT("MessageType = %02X\n", q931->MessageType); if (*p & 0x80) { p++;