Re: [PATCH 1/1] ip_vs_sip_fill_param() uninitialized var

Hello
On Wed, 2013-04-24 at 22:44 +0300, Julian Anastasov wrote:
> 	Hello,
[snip]
> On Wed, 24 Apr 2013, Hans Schillstrom wrote:
> 
> > The reason for this patch is a crash in kmemdup
> > caused by an uninitialized param passed into kmemdup()
> > 
> > diff --git a/net/netfilter/ipvs/ip_vs_pe_sip.c b/net/netfilter/ipvs/ip_vs_pe_sip.c
> > index 00cc024..8767514 100644
> > --- a/net/netfilter/ipvs/ip_vs_pe_sip.c
> > +++ b/net/netfilter/ipvs/ip_vs_pe_sip.c
> > @@ -70,7 +70,7 @@ ip_vs_sip_fill_param(struct ip_vs_conn_param *p, struct sk_buff *skb)
> >  {
> >  	struct sk_buff *reasm = skb_nfct_reasm(skb);
> >  	struct ip_vs_iphdr iph;
> > -	unsigned int dataoff, datalen, matchoff, matchlen;
> > +	unsigned int dataoff, datalen, matchoff = 0, matchlen = 0;
> 
> 	It seems in get_callid() when ct_sip_get_header()
> returns 0 (missing header) we should return -EINVAL just
> like for the "Empty callid is useless" case, i.e. messages
> with empty/missing Call-ID should be dropped.
> 

It seems to be the right cure for the patient.
I'll send a new patch, and I will also remove the unneeded check for zero
matchlen since it is already done in ct_sip_get_header():

-	/* Empty callid is useless */
-	if (!*matchlen)
-		return -EINVAL;
-

Thanks
Hans

> >  	const char *dptr;
> >  	int retc;
> >  
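Review bot: Initialising matchoff and matchlen to 0 in the declaration only papers over the crash: it makes the later "Empty callid is useless" check reject a message whose Call-ID header is absent, but get_callid() still treats a 0 return from ct_sip_get_header() (header not found) as success and hands the caller values that were never written. The direct fix, as the reply suggests, is to return -EINVAL from get_callid() when ct_sip_get_header() returns 0, so a missing and an empty Call-ID are rejected on the same path and the zero initialisers are not needed.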
> > -- 
> > 1.7.11.7
> 
> Regards
> 
> --
> Julian Anastasov <ja@xxxxxx>

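Added example, not code from this thread or from the kernel's ip_vs_pe_sip.c: a user-space C model of the fix the thread converges on, where the Call-ID lookup's return value is checked and both a missing and an empty Call-ID yield -EINVAL before anything is copied, so the offset and length are only consumed once they have actually been set. sip_get_header(), get_callid(), fill_param() and callid_len() are hypothetical stand-ins for ct_sip_get_header(), the kernel's get_callid() and kmemdup(); the three SIP messages are constructed samples.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

/* Stand-in for ct_sip_get_header(): find a "Call-ID:" header at a line start
 * (case-insensitive) and report its value's offset and length.
 * Returns 1 and sets *matchoff/*matchlen when found, 0 when absent
 * (in which case the out-parameters are left untouched, as in the kernel). */
static int sip_get_header(const char *dptr, unsigned int datalen,
                          unsigned int *matchoff, unsigned int *matchlen)
{
    static const char name[] = "Call-ID:";
    const unsigned int nlen = sizeof(name) - 1;
    unsigned int i = 0;

    while (i < datalen) {
        if (datalen - i >= nlen && strncasecmp(dptr + i, name, nlen) == 0) {
            unsigned int start = i + nlen, end;
            while (start < datalen && dptr[start] == ' ')
                start++;
            end = start;
            while (end < datalen && dptr[end] != '\r' && dptr[end] != '\n')
                end++;
            *matchoff = start;
            *matchlen = end - start;
            return 1;
        }
        while (i < datalen && dptr[i] != '\n')   /* skip to next line */
            i++;
        if (i < datalen)
            i++;
    }
    return 0;
}

/* Hypothetical get_callid(): a missing header (lookup returned 0) and an
 * empty header are both rejected, so the caller never sees unset values. */
static int get_callid(const char *dptr, unsigned int datalen,
                      unsigned int *matchoff, unsigned int *matchlen)
{
    if (!sip_get_header(dptr, datalen, matchoff, matchlen))
        return -EINVAL;          /* header missing: values never written */
    if (!*matchlen)
        return -EINVAL;          /* "Empty callid is useless" */
    return 0;
}

/* Hypothetical fill_param(): malloc+memcpy stand in for kmemdup() and run
 * only after get_callid() succeeded. 0 on success, negative errno otherwise. */
static int fill_param(const char *msg, char **out, unsigned int *outlen)
{
    unsigned int matchoff, matchlen;    /* deliberately not zero-initialised */
    unsigned int datalen = (unsigned int)strlen(msg);
    int ret = get_callid(msg, datalen, &matchoff, &matchlen);

    if (ret)
        return ret;
    *out = malloc(matchlen + 1);
    if (!*out)
        return -ENOMEM;
    memcpy(*out, msg + matchoff, matchlen);
    (*out)[matchlen] = '\0';
    *outlen = matchlen;
    return 0;
}

/* Convenience: Call-ID length on success, negative errno on failure. */
static int callid_len(const char *msg)
{
    char *id = NULL;
    unsigned int len = 0;
    int ret = fill_param(msg, &id, &len);

    if (ret)
        return ret;
    free(id);
    return (int)len;
}

/* Constructed sample messages (not real captures). */
static const char msg_ok[] =
    "INVITE sip:bob@example.invalid SIP/2.0\r\n"
    "Call-ID: a84b4c76e66710\r\n"
    "CSeq: 1 INVITE\r\n\r\n";
static const char msg_missing[] =
    "INVITE sip:bob@example.invalid SIP/2.0\r\n"
    "CSeq: 1 INVITE\r\n\r\n";
static const char msg_empty[] =
    "INVITE sip:bob@example.invalid SIP/2.0\r\n"
    "Call-ID: \r\n"
    "CSeq: 1 INVITE\r\n\r\n";

int main(void)
{
    printf("ok -> %d, missing -> %d, empty -> %d\n",
           callid_len(msg_ok), callid_len(msg_missing), callid_len(msg_empty));
    return 0;
}
```

The point of the model is the order of checks in get_callid(): the return value of the lookup is consulted first, so matchoff and matchlen are read only on the path where the lookup wrote them, and no zero initialiser is needed to keep the copy safe.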