Re: [PATCH] netfilter: synproxy: fix BUG_ON triggered by corrupt TCP packets

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Sep 30, 2013 at 08:51:46AM +0100, Patrick McHardy wrote:
> TCP packets hitting the SYN proxy through the SYNPROXY target are not
> validated by TCP conntrack. When th->doff is below 5, an underflow happens
> when calculating the options length, causing skb_header_pointer() to
> return NULL and triggering the BUG_ON().
> 
> Handle this case gracefully by checking for NULL instead of using BUG_ON().

Applied, thanks Patrick!
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux