redonkable/alistair23-linux
redonkable/alistair23-linux
1
0
Fork 0
Code Releases Activity
alistair23-linux/net/ipv6/netfilter
History
Patrick McHardy f4a87e7bd2 netfilter: synproxy: fix BUG_ON triggered by corrupt TCP packets 
TCP packets hitting the SYN proxy through the SYNPROXY target are not
validated by TCP conntrack. When th->doff is below 5, an underflow happens
when calculating the options length, causing skb_header_pointer() to
return NULL and triggering the BUG_ON().

Handle this case gracefully by checking for NULL instead of using BUG_ON().

Reported-by: Martin Topholm <mph@one.com>
Tested-by: Martin Topholm <mph@one.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2013-09-30 12:44:38 +02:00
..
ip6_tables.c netfilter: add my copyright statements 2013-04-18 20:27:55 +02:00
ip6t_ah.c netfilter: ip6_tables: add flags parameter to ipv6_find_hdr() 2012-05-09 12:53:47 +02:00
ip6t_eui64.c netfilter: xtables: change hotdrop pointer to direct modification 2010-05-11 18:35:27 +02:00
ip6t_frag.c netfilter: ip6_tables: add flags parameter to ipv6_find_hdr() 2012-05-09 12:53:47 +02:00
ip6t_hbh.c netfilter: ip6_tables: add flags parameter to ipv6_find_hdr() 2012-05-09 12:53:47 +02:00
ip6t_ipv6header.c netfilter: xtables: deconstify struct xt_action_param for matches 2010-05-11 18:33:37 +02:00
ip6t_MASQUERADE.c netfilter: nf_conntrack: don't send destroy events from iterator 2013-08-09 12:03:33 +02:00
ip6t_mh.c netfilter: xtables: change hotdrop pointer to direct modification 2010-05-11 18:35:27 +02:00
ip6t_NPT.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-04-07 18:37:01 -04:00
ip6t_REJECT.c netfilter: ip[6]t_REJECT: tcp-reset using wrong MAC source if bridged 2013-08-28 00:13:12 +02:00
ip6t_rpfilter.c netfilter: xt_rpfilter: skip locally generated broadcast/multicast, too 2013-04-19 00:11:59 +02:00
ip6t_rt.c netfilter: ip6_tables: add flags parameter to ipv6_find_hdr() 2012-05-09 12:53:47 +02:00
ip6t_SYNPROXY.c netfilter: synproxy: fix BUG_ON triggered by corrupt TCP packets 2013-09-30 12:44:38 +02:00
ip6table_filter.c PTR_RET is now PTR_ERR_OR_ZERO(): Replace most. 2013-07-15 11:25:01 +09:30
ip6table_mangle.c PTR_RET is now PTR_ERR_OR_ZERO(): Replace most. 2013-07-15 11:25:01 +09:30
ip6table_nat.c PTR_RET is now PTR_ERR_OR_ZERO(): Replace most. 2013-07-15 11:25:01 +09:30
ip6table_raw.c PTR_RET is now PTR_ERR_OR_ZERO(): Replace most. 2013-07-15 11:25:01 +09:30
ip6table_security.c PTR_RET is now PTR_ERR_OR_ZERO(): Replace most. 2013-07-15 11:25:01 +09:30
Kconfig netfilter: add IPv6 SYNPROXY target 2013-08-28 00:28:13 +02:00
Makefile netfilter: add IPv6 SYNPROXY target 2013-08-28 00:28:13 +02:00
nf_conntrack_l3proto_ipv6.c netfilter: nf_conntrack: make sequence number adjustments usuable without NAT 2013-08-28 00:26:48 +02:00
nf_conntrack_proto_icmpv6.c netfilter: nf_log: prepare net namespace support for loggers 2013-04-05 20:12:54 +02:00
nf_conntrack_reasm.c netfilter: implement RFC3168 5.3 (ecn protection) for ipv6 fragmentation handling 2013-04-06 13:06:37 +02:00
nf_defrag_ipv6_hooks.c ipv6: use IS_ENABLED() 2012-11-01 12:41:35 -04:00
nf_nat_l3proto_ipv6.c netfilter: ipv6: using csum_ipv6_magic requires net/ip6_checksum.h 2012-09-05 17:46:06 -04:00
nf_nat_proto_icmpv6.c netfilter: nf_nat_proto_icmpv6:: fix wrong comparison in icmpv6_manip_pkt 2013-09-13 11:58:48 +02:00