Eric Sesterhenn <eric.sesterhenn@xxxxxxxxxxx> wrote: > Add missing counter decrement to prevent out of bounds memory read. > > Signed-off-by: Eric Sesterhenn <eric.sesterhenn@xxxxxxxxxxx> > > diff --git a/net/netfilter/nf_conntrack_h323_asn1.c > b/net/netfilter/nf_conntrack_h323_asn1.c > index 89b2e46925c4..2a9d1acd0cbd 100644 > --- a/net/netfilter/nf_conntrack_h323_asn1.c > +++ b/net/netfilter/nf_conntrack_h323_asn1.c > @@ -877,6 +877,7 @@ int DecodeQ931(unsigned char *buf, size_t sz, Q931 > *q931) > if (sz < 1) > break; > len = *p++; > + sz--; > if (sz < len) > break; > p += len; LGTM. Acked-by: Florian Westphal <fw@xxxxxxxxx> -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
