diff mbox series

netfilter: seqadj: check seq offset before update

Message ID 20211224023713.9260-1-zhangkaiheb@126.com
State Rejected, archived
Delegated to: Pablo Neira
Headers show
Series netfilter: seqadj: check seq offset before update | expand

Commit Message

kai zhang Dec. 24, 2021, 2:37 a.m. UTC 
if seq/ack offset is zero, don't update

Signed-off-by: zhang kai <zhangkaiheb@126.com>
---
 net/netfilter/nf_conntrack_seqadj.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

Comments

Pablo Neira Ayuso Jan. 6, 2022, 9:53 p.m. UTC | #1 
On Fri, Dec 24, 2021 at 10:37:13AM +0800, zhang kai wrote:
> if seq/ack offset is zero, don't update

Please, provide more details: explain the scenario that triggers and
seq/ack offset adjustment of zero, describe the scenario that triggers
the bug, etc.

> Signed-off-by: zhang kai <zhangkaiheb@126.com>
> ---
>  net/netfilter/nf_conntrack_seqadj.c | 15 ++++++++++-----
>  1 file changed, 10 insertions(+), 5 deletions(-)
> 
> diff --git a/net/netfilter/nf_conntrack_seqadj.c b/net/netfilter/nf_conntrack_seqadj.c
> index 3066449f8bd8..d35e272a2e36 100644
> --- a/net/netfilter/nf_conntrack_seqadj.c
> +++ b/net/netfilter/nf_conntrack_seqadj.c
> @@ -186,11 +186,13 @@ int nf_ct_seq_adjust(struct sk_buff *skb,
>  	else
>  		seqoff = this_way->offset_before;
>  
> -	newseq = htonl(ntohl(tcph->seq) + seqoff);
> -	inet_proto_csum_replace4(&tcph->check, skb, tcph->seq, newseq, false);
> -	pr_debug("Adjusting sequence number from %u->%u\n",
> -		 ntohl(tcph->seq), ntohl(newseq));
> -	tcph->seq = newseq;
> +	if (seqoff) {
> +		newseq = htonl(ntohl(tcph->seq) + seqoff);
> +		inet_proto_csum_replace4(&tcph->check, skb, tcph->seq, newseq, false);
> +		pr_debug("Adjusting sequence number from %u->%u\n",
> +			 ntohl(tcph->seq), ntohl(newseq));
> +		tcph->seq = newseq;
> +	}
>  
>  	if (!tcph->ack)
>  		goto out;
> @@ -201,6 +203,9 @@ int nf_ct_seq_adjust(struct sk_buff *skb,
>  	else
>  		ackoff = other_way->offset_before;
>  
> +	if (!ackoff)
> +		goto out;
> +
>  	newack = htonl(ntohl(tcph->ack_seq) - ackoff);
>  	inet_proto_csum_replace4(&tcph->check, skb, tcph->ack_seq, newack,
>  				 false);
> -- 
> 2.17.1
>
diff mbox series

Patch

diff --git a/net/netfilter/nf_conntrack_seqadj.c b/net/netfilter/nf_conntrack_seqadj.c
index 3066449f8bd8..d35e272a2e36 100644
--- a/net/netfilter/nf_conntrack_seqadj.c
+++ b/net/netfilter/nf_conntrack_seqadj.c
@@ -186,11 +186,13 @@  int nf_ct_seq_adjust(struct sk_buff *skb,
 	else
 		seqoff = this_way->offset_before;
 
-	newseq = htonl(ntohl(tcph->seq) + seqoff);
-	inet_proto_csum_replace4(&tcph->check, skb, tcph->seq, newseq, false);
-	pr_debug("Adjusting sequence number from %u->%u\n",
-		 ntohl(tcph->seq), ntohl(newseq));
-	tcph->seq = newseq;
+	if (seqoff) {
+		newseq = htonl(ntohl(tcph->seq) + seqoff);
+		inet_proto_csum_replace4(&tcph->check, skb, tcph->seq, newseq, false);
+		pr_debug("Adjusting sequence number from %u->%u\n",
+			 ntohl(tcph->seq), ntohl(newseq));
+		tcph->seq = newseq;
+	}
 
 	if (!tcph->ack)
 		goto out;
@@ -201,6 +203,9 @@  int nf_ct_seq_adjust(struct sk_buff *skb,
 	else
 		ackoff = other_way->offset_before;
 
+	if (!ackoff)
+		goto out;
+
 	newack = htonl(ntohl(tcph->ack_seq) - ackoff);
 	inet_proto_csum_replace4(&tcph->check, skb, tcph->ack_seq, newack,
 				 false);