{"id":2231384,"url":"http://patchwork.ozlabs.org/api/covers/2231384/?format=json","web_url":"http://patchwork.ozlabs.org/project/netfilter-devel/cover/20260430161230.3438973-1-rc@rexion.ai/","project":{"id":26,"url":"http://patchwork.ozlabs.org/api/projects/26/?format=json","name":"Netfilter Development","link_name":"netfilter-devel","list_id":"netfilter-devel.vger.kernel.org","list_email":"netfilter-devel@vger.kernel.org","web_url":null,"scm_url":null,"webscm_url":null,"list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20260430161230.3438973-1-rc@rexion.ai>","list_archive_url":null,"date":"2026-04-30T16:12:28","name":"[net-next,0/2] netfilter: conntrack: validate parsed port values in IRC and Amanda helpers","submitter":{"id":93293,"url":"http://patchwork.ozlabs.org/api/people/93293/?format=json","name":"HACKE-RC","email":"rc@rexion.ai"},"mbox":"http://patchwork.ozlabs.org/project/netfilter-devel/cover/20260430161230.3438973-1-rc@rexion.ai/mbox/","series":[{"id":502338,"url":"http://patchwork.ozlabs.org/api/series/502338/?format=json","web_url":"http://patchwork.ozlabs.org/project/netfilter-devel/list/?series=502338","date":"2026-04-30T16:12:29","name":"netfilter: conntrack: validate parsed port values in IRC and Amanda helpers","version":1,"mbox":"http://patchwork.ozlabs.org/series/502338/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/covers/2231384/comments/","headers":{"Return-Path":"\n <netfilter-devel+bounces-12345-incoming=patchwork.ozlabs.org@vger.kernel.org>","X-Original-To":["incoming@patchwork.ozlabs.org","netfilter-devel@vger.kernel.org"],"Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=fail reason=\"key not found in DNS\" header.d=rexion.ai\n header.i=@rexion.ai header.a=rsa-sha256 header.s=spacemail header.b=XuWIc38a;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=104.64.211.4; helo=sin.lore.kernel.org;\n envelope-from=netfilter-devel+bounces-12345-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)","smtp.subspace.kernel.org;\n\tdkim=fail reason=\"key not found in DNS\" (0-bit key) header.d=rexion.ai\n header.i=@rexion.ai header.b=\"XuWIc38a\"","smtp.subspace.kernel.org;\n arc=none smtp.client-ip=63.250.43.96","smtp.subspace.kernel.org;\n dmarc=none (p=none dis=none) header.from=rexion.ai","smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=rexion.ai"],"Received":["from sin.lore.kernel.org (sin.lore.kernel.org [104.64.211.4])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g60350QyJz1yHZ\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 01 May 2026 02:28:17 +1000 (AEST)","from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sin.lore.kernel.org (Postfix) with ESMTP id 8DD43301B69F\n\tfor <incoming@patchwork.ozlabs.org>; Thu, 30 Apr 2026 16:20:16 +0000 (UTC)","from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 28F5347278D;\n\tThu, 30 Apr 2026 16:20:04 +0000 (UTC)","from out-13.smtp.spacemail.com (out-13.smtp.spacemail.com\n [63.250.43.96])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id 00C733382FC;\n\tThu, 30 Apr 2026 16:20:00 +0000 (UTC)","from Kyren (unknown [49.207.224.37])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest\n SHA256)\n\t(No client certificate requested)\n\tby mail.spacemail.com (Postfix) with ESMTPSA id 4g5zhy2N22z2x9M;\n\tThu, 30 Apr 2026 16:12:34 +0000 (UTC)"],"ARC-Seal":"i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1777566003; cv=none;\n b=p4YASj4Ed3HFrZ1mOhB+7ll5ygsS9eBbZ8cUtVnIgvmbewjxKK9DOgFru8nwk2eMgONp4Qnzn0r6zR0Xjr8Mq0yUihWhr7i+YSvr6qAVzOTc/MXWjZBa27xNvH3ykD42+h8GTgDkqEskeUXhHdaJoLWDXXdtOgm5Dcp3mp7rQVk=","ARC-Message-Signature":"i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1777566003; c=relaxed/simple;\n\tbh=qcWpcofcD5xQONZRCZG2JVsf06Gg8/Szb89ksk12cPc=;\n\th=From:To:Cc:Subject:Date:Message-ID:MIME-Version;\n b=EOfdTe/nCzb38XWdJL28Vb/zKCPar62jUw/0LtdN+sxkgYCj28yoskoIpY82JLoCRTcdu88M3lk8NLJiIHIdJVL0utq/cnNHDdiDwWVV0SKKY/BunZb38t5t9sqpq3X2IC00tOFeFVJadg5SflfmlkDmnUgfC07Qbo+7s8eiXWM=","ARC-Authentication-Results":"i=1; smtp.subspace.kernel.org;\n dmarc=none (p=none dis=none) header.from=rexion.ai;\n spf=pass smtp.mailfrom=rexion.ai;\n dkim=fail (0-bit key) header.d=rexion.ai header.i=@rexion.ai\n header.b=XuWIc38a reason=\"key not found in DNS\";\n arc=none smtp.client-ip=63.250.43.96","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=rexion.ai;\n\ts=spacemail; t=1777565558;\n\tbh=6pgjt9PVUYpaS1esvDnc3/NQF+deIy8NLJHpEbltOuU=;\n\th=From:To:Cc:Subject:Date:From;\n\tb=XuWIc38aDBqengf1KoqK6026kkWGm61ataZV36C7HzK24FQkNQQwbp9t8G5urljI7\n\t pc05NVEyrXCk/ZbMm9+ztAn8+xgdxqBdDLA+53dsf5yw6YrhmDeUILe7Q11T1d2unN\n\t 2oN3kiFrewLAibblDAabMffJ+9Crep6ThLZ8vMCB7Se3jUDrUK8bJhEg+LISg6PO6K\n\t xOz7Swy5AqMqu12/Ba5tqe0F1ZtRYImpUKViuH0pelA0/6Clh6EUJLEb1Ig/RnwnB9\n\t +FCgZWfFI6ocpC3IHoTjsje9Xs2E/VfYokxQDF9ZIQjxmXpWc/fkF+ni1j90sGaxdz\n\t tAYnufDxflWGg==","From":"HACKE-RC <rc@rexion.ai>","To":"Pablo Neira Ayuso <pablo@netfilter.org>,\n\tFlorian Westphal <fw@strlen.de>","Cc":"Phil Sutter <phil@nwl.cc>,\n\t\"David S . Miller\" <davem@davemloft.net>,\n\tEric Dumazet <edumazet@google.com>,\n\tJakub Kicinski <kuba@kernel.org>,\n\tPaolo Abeni <pabeni@redhat.com>,\n\tSimon Horman <horms@kernel.org>,\n\tnetfilter-devel@vger.kernel.org,\n\tcoreteam@netfilter.org,\n\tnetdev@vger.kernel.org,\n\tlinux-kernel@vger.kernel.org,\n\tHACKE-RC <rc@rexion.ai>","Subject":"[PATCH net-next 0/2] netfilter: conntrack: validate parsed port\n values in IRC and Amanda helpers","Date":"Thu, 30 Apr 2026 21:42:28 +0530","Message-ID":"<20260430161230.3438973-1-rc@rexion.ai>","X-Mailer":"git-send-email 2.54.0","Precedence":"bulk","X-Mailing-List":"netfilter-devel@vger.kernel.org","List-Id":"<netfilter-devel.vger.kernel.org>","List-Subscribe":"<mailto:netfilter-devel+subscribe@vger.kernel.org>","List-Unsubscribe":"<mailto:netfilter-devel+unsubscribe@vger.kernel.org>","MIME-Version":"1.0","Content-Transfer-Encoding":"8bit","X-Envelope-From":"rc@rexion.ai"},"content":"Both nf_conntrack_irc and nf_conntrack_amanda parse port numbers from\napplication-layer protocol data using simple_strtoul(), which returns\nunsigned long. The results are stored in u16 variables without range\nchecks, silently truncating values above 65535.\n\nThis series adds explicit upper-bound validation in both helpers.\n\nNote: checkpatch warns about simple_strtoul being obsolete. Both\ncall sites use the endptr output parameter to advance the parse\nposition, which kstrtoul does not provide. Converting to kstrtoul\nwould require restructuring the parsers, which is out of scope for\nthis fix.\n\nHACKE-RC (2):\n  netfilter: nf_conntrack_irc: reject DCC port values above 65535\n  netfilter: nf_conntrack_amanda: reject port values above 65535\n\n net/netfilter/nf_conntrack_amanda.c | 10 ++++++----\n net/netfilter/nf_conntrack_irc.c    |  7 ++++++-\n 2 files changed, 12 insertions(+), 5 deletions(-)"}