On Wed, Jun 05, 2019 at 12:32:40PM +0300, Igor Ryzhov wrote: > ct_sip_next_header and ct_sip_get_header return an absolute > value of matchoff, not a shift from current dataoff. > So dataoff should be assigned matchoff, not incremented by it. Could we get a more detailed description of this bug? A description of the simplified scenario / situation that helped you find it would help here. Thanks. > Signed-off-by: Igor Ryzhov <iryzhov@xxxxxxxxxx> > --- > net/netfilter/nf_conntrack_sip.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/net/netfilter/nf_conntrack_sip.c b/net/netfilter/nf_conntrack_sip.c > index c30c883c370b..966c5948f926 100644 > --- a/net/netfilter/nf_conntrack_sip.c > +++ b/net/netfilter/nf_conntrack_sip.c > @@ -480,7 +480,7 @@ static int ct_sip_walk_headers(const struct nf_conn *ct, const char *dptr, > return ret; > if (ret == 0) > break; > - dataoff += *matchoff; > + dataoff = *matchoff; > } > *in_header = 0; > } > @@ -492,7 +492,7 @@ static int ct_sip_walk_headers(const struct nf_conn *ct, const char *dptr, > break; > if (ret == 0) > return ret; > - dataoff += *matchoff; > + dataoff = *matchoff; > } > > if (in_header) > -- > 2.21.0 >
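Review bot: in the first hunk (the `*in_header` loop at line 480), the new `dataoff = *matchoff;` only advances the scan if ct_sip_next_header sets `*matchoff` strictly beyond the current `dataoff` on the path where `ret` is neither > 0 nor == 0; since that loop has no other exit, the commit message should state that guarantee explicitly, or the loop should check that `*matchoff` moved forward before continuing, so a header that does not parse cannot keep the walk spinning at the same offset. The message should also describe the observable effect of the old `+=`: because `*matchoff` is an absolute offset, adding it to `dataoff` makes the offset grow by the full match position on every iteration, so later headers are skipped and the scan can run past `datalen`.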
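Review bot: the second hunk (the ct_sip_get_header loop at line 492) makes the identical `+=` to `=` change and is correct for the same reason, but nothing at either site records that `*matchoff` is absolute rather than relative; a one-line comment next to the assignment, plus a Fixes: tag naming the commit that introduced the `+=`, would keep the relative-offset assumption from being reintroduced and let stable trees pick the fix up.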