Message ID | 1367085974-7750-2-git-send-email-pablo@netfilter.org |
---|---|
State | Accepted, archived |
Delegated to: | David Miller |
Headers | show |
From: Pablo Neira Ayuso <pablo@netfilter.org> Date: Sat, 27 Apr 2013 20:06:14 +0200 > From: Hans Schillstrom <hans@schillstrom.com> > > The reason for this patch is crash in kmemdup > caused by returning from get_callid with uniialized > matchoff and matchlen. > > Removing Zero check of matchlen since it's done by ct_sip_get_header() ... > Signed-off-by: Hans Schillstrom <hans@schillstrom.com> > Acked-by: Julian Anastasov <ja@ssi.bg> > Signed-off-by: Simon Horman <horms@verge.net.au> Applied. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/netfilter/ipvs/ip_vs_pe_sip.c b/net/netfilter/ipvs/ip_vs_pe_sip.c index 12475ef..e5920fb 100644 --- a/net/netfilter/ipvs/ip_vs_pe_sip.c +++ b/net/netfilter/ipvs/ip_vs_pe_sip.c @@ -37,14 +37,10 @@ static int get_callid(const char *dptr, unsigned int dataoff, if (ret > 0) break; if (!ret) - return 0; + return -EINVAL; dataoff += *matchoff; } - /* Empty callid is useless */ - if (!*matchlen) - return -EINVAL; - /* Too large is useless */ if (*matchlen > IP_VS_PEDATA_MAXLEN) return -EINVAL;