From: Patrick McHardy <kaber@xxxxxxxxx>
Date: Thu, 4 Sep 2008 16:15:58 +0200 (MEST)

> netfilter: nf_conntrack_irc: make sure string is terminated before calling simple_strtoul
>
> Alexey Dobriyan points out:
>
> 1. simple_strtoul() silently accepts all characters for given base even
>    if result won't fit into unsigned long. This is amazing stupidity in
>    itself, but
>
> 2. nf_conntrack_irc helper uses simple_strtoul() for DCC request parsing.
>    Data is first copied into 64KB buffer, so theoretically nothing prevents
>    reading past the end of it, since data comes from network given 1).
>
> This is not actually a problem currently since we're guaranteed to have
> a 0 byte in skb_shared_info or in the buffer the data is copied to, but
> to make this more robust, make sure the string is actually terminated.
>
> Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>

Also applied, thanks Patrick.
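
Added example, not part of the thread and not the kernel patch: a userspace C sketch of the two hazards the commit message names, using a parser that takes an explicit end pointer instead of relying on a terminating 0 byte and that rejects values that do not fit. The helper names and the "<ip> <port>" sample layout are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical helper (not a kernel API): parse a decimal uint32 from
 * [p, limit) without ever reading limit or beyond. Returns 0 and sets
 * *out and *end on success, -1 if there are no digits or on overflow. */
static int parse_u32_bounded(const char *p, const char *limit,
                             const char **end, uint32_t *out)
{
    uint64_t v = 0;
    const char *s = p;

    while (s < limit && *s >= '0' && *s <= '9') {
        v = v * 10 + (uint64_t)(*s - '0');
        if (v > UINT32_MAX)
            return -1;          /* reject instead of silently wrapping */
        s++;
    }
    if (s == p)
        return -1;              /* no digits at all */
    *end = s;
    *out = (uint32_t)v;
    return 0;
}

/* Assumed sample layout: "<ip> <port>" as decimal numbers.
 * buf need not be NUL-terminated; len is the number of valid bytes. */
static int parse_dcc_addr(const char *buf, size_t len,
                          uint32_t *ip, uint16_t *port)
{
    const char *limit = buf + len, *end;
    uint32_t p;

    if (parse_u32_bounded(buf, limit, &end, ip) < 0)
        return -1;
    if (end == limit || *end != ' ')
        return -1;              /* separator must lie inside the data */
    if (parse_u32_bounded(end + 1, limit, &end, &p) < 0 || p > 65535)
        return -1;
    *port = (uint16_t)p;
    return 0;
}
```
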