Thanks Eric for replying > -----Original Messages----- > From: "Eric Dumazet" <eric.dumazet@xxxxxxxxx> > Sent Time: Thursday, January 28, 2016 > To: "Zhouyi Zhou" <zhouzhouyi@xxxxxxxxx> > Cc: pablo@xxxxxxxxxxxxx, kaber@xxxxxxxxx, kadlec@xxxxxxxxxxxxxxxxx, davem@xxxxxxxxxxxxx, netfilter-devel@xxxxxxxxxxxxxxx, coreteam@xxxxxxxxxxxxx, netdev@xxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxx, "Zhouyi Zhou" <yizhouzhou@xxxxxxxxx> > Subject: Re: [PATCH V2] netfilter: h323: avoid potential attack > > On Thu, 2016-01-28 at 16:59 +0800, Zhouyi Zhou wrote: > > Thanks Eric for your review and advice. > > > > I think hackers chould build a malicious h323 packet to overflow > > the pointer p which will panic during the memcpy(addr, p, len) > > > > For example, he may fabricate a very large taddr->ipAddress.ip; > > > > Signed-off-by: Zhouyi Zhou <yizhouzhou@xxxxxxxxx> > > --- > > Except you did not address my feedback about potentially reading not > initialized memory. > > if the frame length was 1000 bytes, then surely accessing memory at > offset 8000 will either read garbage, or read data from a prior frame > and leak secrets. My patch is intend to prevent kernel panic, to prevent reading garbage or read data from a prior frame and leak secrets, the prototypes of the get_h2x5_addr functions and the functions that call get_h2x5_addr should be changed, should we do this? > > > Cheers Zhouyi -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
