Hello On Wed, 2013-04-24 at 22:44 +0300, Julian Anastasov wrote: > Hello, [snip] > On Wed, 24 Apr 2013, Hans Schillstrom wrote: > > > The reason for this patch is crash in kmemdup > > caused by uninitialized param into kmemdup() > > > > diff --git a/net/netfilter/ipvs/ip_vs_pe_sip.c b/net/netfilter/ipvs/ip_vs_pe_sip.c > > index 00cc024..8767514 100644 > > --- a/net/netfilter/ipvs/ip_vs_pe_sip.c > > +++ b/net/netfilter/ipvs/ip_vs_pe_sip.c > > @@ -70,7 +70,7 @@ ip_vs_sip_fill_param(struct ip_vs_conn_param *p, struct sk_buff *skb) > > { > > struct sk_buff *reasm = skb_nfct_reasm(skb); > > struct ip_vs_iphdr iph; > > - unsigned int dataoff, datalen, matchoff, matchlen; > > + unsigned int dataoff, datalen, matchoff = 0, matchlen = 0; > > It seems in get_callid() when ct_sip_get_header() > returns 0 (missing header) we should return -EINVAL just > like for the "Empty callid is useless" case, i.e. messages > with empty/missing Call-ID should be dropped. > It seems to be the right cure for the patient, I'll send a new patch and I will also remove the unneeded check for zero matchlen since it is already done in ct_sip_get_header() - /* Empty callid is useless */ - if (!*matchlen) - return -EINVAL; - Thanks Hans > > const char *dptr; > > int retc; > > > > -- > > 1.7.11.7 > > Regards > > -- > Julian Anastasov <ja@xxxxxx> > -- > To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html
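Review bot: zero-initialising matchoff and matchlen on the declaration line in ip_vs_sip_fill_param() hides the uninitialised read without handling the condition that causes it. A SIP message with no Call-ID header is still not reported as an error, so the caller continues with an offset and length of 0 instead of dropping the message. Suggest leaving the declaration as it was and making get_callid() return -EINVAL when ct_sip_get_header() returns 0, as proposed in the reply, so the out-parameters are only read after a successful match. If the "Empty callid is useless" check is removed in the follow-up, the commit message should state that ct_sip_get_header() is relied on never to report a match with zero matchlen.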