Message ID | 1344542943-11588-4-git-send-email-kaber@trash.net |
---|---|
State | Not Applicable, archived |
Delegated to: | David Miller |
Headers | show |
On Thu, Aug 09, 2012 at 10:08:47PM +0200, kaber@trash.net wrote: > From: Patrick McHardy <kaber@trash.net> > > Via-headers are parsed beginning at the first character after the Via-address. > When the address is translated first and its length decreases, the offset to > start parsing at is incorrect and header parameters might be missed. > > Update the offset after translating the Via-address to fix this. Applied, thanks Patrick. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Tue, 14 Aug 2012, Pablo Neira Ayuso wrote: > On Thu, Aug 09, 2012 at 10:08:47PM +0200, kaber@trash.net wrote: >> From: Patrick McHardy <kaber@trash.net> >> >> Via-headers are parsed beginning at the first character after the Via-address. >> When the address is translated first and its length decreases, the offset to >> start parsing at is incorrect and header parameters might be missed. >> >> Update the offset after translating the Via-address to fix this. > > Applied, thanks Patrick. Thanks Pablo. I'll submit the final IPv6-NAT patches once these three patches have made it into net-next/nf-next. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/ipv4/netfilter/nf_nat_sip.c b/net/ipv4/netfilter/nf_nat_sip.c index eef8f29..4ad9cf1 100644 --- a/net/ipv4/netfilter/nf_nat_sip.c +++ b/net/ipv4/netfilter/nf_nat_sip.c @@ -148,7 +148,7 @@ static unsigned int ip_nat_sip(struct sk_buff *skb, unsigned int dataoff, if (ct_sip_parse_header_uri(ct, *dptr, NULL, *datalen, hdr, NULL, &matchoff, &matchlen, &addr, &port) > 0) { - unsigned int matchend, poff, plen, buflen, n; + unsigned int olen, matchend, poff, plen, buflen, n; char buffer[sizeof("nnn.nnn.nnn.nnn:nnnnn")]; /* We're only interested in headers related to this @@ -163,11 +163,12 @@ static unsigned int ip_nat_sip(struct sk_buff *skb, unsigned int dataoff, goto next; } + olen = *datalen; if (!map_addr(skb, dataoff, dptr, datalen, matchoff, matchlen, &addr, port)) return NF_DROP; - matchend = matchoff + matchlen; + matchend = matchoff + matchlen + *datalen - olen; /* The maddr= parameter (RFC 2361) specifies where to send * the reply. */