* [PATCH 2.4] netfilter: fix UDP incremental checksumming
@ 2003-10-02 14:26 Harald Welte
2003-10-13 18:17 ` [PATCH 2.4 RESEND] netfilter: add size check for udp packet mangling Martin Josefsson
0 siblings, 1 reply; 3+ messages in thread
From: Harald Welte @ 2003-10-02 14:26 UTC (permalink / raw)
To: David Miller; +Cc: Netfilter Development Mailinglist
[-- Attachment #1.1: Type: text/plain, Size: 562 bytes --]
Hi Davem!
Please apply the following patchto your 2.4 tree and push it to Marcelo.
Thanks.
Author: Patrick McHardy <kaber@trash.net>
Add size check to ip_nat_mangle_udp_packet
--
- Harald Welte <laforge@netfilter.org> http://www.netfilter.org/
============================================================================
"Fragmentation is like classful addressing -- an interesting early
architectural error that shows how much experimentation was going
on while IP was being designed." -- Paul Vixie
[-- Attachment #1.2: 79_mangle_udp-sizecheck.patch --]
[-- Type: text/plain, Size: 1231 bytes --]
# This is a BitKeeper generated patch for the following project:
# Project Name: Linux kernel tree
# This patch format is intended for GNU patch command version 2.5 or higher.
# This patch includes the following deltas:
# ChangeSet 1.1134 -> 1.1135
# net/ipv4/netfilter/ip_nat_helper.c 1.10 -> 1.11
#
# The following is the BitKeeper ChangeSet Log
# --------------------------------------------
# 03/09/28 kaber@trash.net 1.1135
# [NETFILTER]: Add size check to ip_nat_mangle_udp_packet
# --------------------------------------------
#
diff -Nru a/net/ipv4/netfilter/ip_nat_helper.c b/net/ipv4/netfilter/ip_nat_helper.c
--- a/net/ipv4/netfilter/ip_nat_helper.c Sun Sep 28 04:40:29 2003
+++ b/net/ipv4/netfilter/ip_nat_helper.c Sun Sep 28 04:40:29 2003
@@ -233,6 +233,13 @@
newudplen = udplen - match_len + rep_len;
newlen = iph->ihl*4 + newudplen;
+ /* UDP helpers might accidentally mangle the wrong packet */
+ if (udplen < sizeof(*udph) + match_offset + match_len) {
+ if (net_ratelimit())
+ printk("ip_nat_mangle_udp_packet: undersized packet\n");
+ return 0;
+ }
+
if (newlen > 65535) {
if (net_ratelimit())
printk("ip_nat_mangle_udp_packet: nat'ed packet "
[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* [PATCH 2.4 RESEND] netfilter: add size check for udp packet mangling
2003-10-02 14:26 [PATCH 2.4] netfilter: fix UDP incremental checksumming Harald Welte
@ 2003-10-13 18:17 ` Martin Josefsson
2003-10-13 19:37 ` David S. Miller
0 siblings, 1 reply; 3+ messages in thread
From: Martin Josefsson @ 2003-10-13 18:17 UTC (permalink / raw)
To: David Miller; +Cc: Harald Welte, Netfilter Development Mailinglist
[-- Attachment #1.1: Type: text/plain, Size: 564 bytes --]
On Thu, 2003-10-02 at 16:26, Harald Welte wrote:
> Hi Davem!
>
> Please apply the following patchto your 2.4 tree and push it to Marcelo.
> Thanks.
>
>
> Author: Patrick McHardy <kaber@trash.net>
>
> Add size check to ip_nat_mangle_udp_packet
Hi Dave
Harald sent this with the wrong subject and it got dropped.
Here it is with the correct subject.
Found when syncing patch-o-matic with 2.4-bk
Please apply. More resends are coming.
Author: Patrick McHardy <kaber@trash.net>
Add size check to ip_nat_mangle_udp_packet
--
/Martin
[-- Attachment #1.2: 79_mangle_udp-sizecheck.patch --]
[-- Type: text/plain, Size: 1231 bytes --]
# This is a BitKeeper generated patch for the following project:
# Project Name: Linux kernel tree
# This patch format is intended for GNU patch command version 2.5 or higher.
# This patch includes the following deltas:
# ChangeSet 1.1134 -> 1.1135
# net/ipv4/netfilter/ip_nat_helper.c 1.10 -> 1.11
#
# The following is the BitKeeper ChangeSet Log
# --------------------------------------------
# 03/09/28 kaber@trash.net 1.1135
# [NETFILTER]: Add size check to ip_nat_mangle_udp_packet
# --------------------------------------------
#
diff -Nru a/net/ipv4/netfilter/ip_nat_helper.c b/net/ipv4/netfilter/ip_nat_helper.c
--- a/net/ipv4/netfilter/ip_nat_helper.c Sun Sep 28 04:40:29 2003
+++ b/net/ipv4/netfilter/ip_nat_helper.c Sun Sep 28 04:40:29 2003
@@ -233,6 +233,13 @@
newudplen = udplen - match_len + rep_len;
newlen = iph->ihl*4 + newudplen;
+ /* UDP helpers might accidentally mangle the wrong packet */
+ if (udplen < sizeof(*udph) + match_offset + match_len) {
+ if (net_ratelimit())
+ printk("ip_nat_mangle_udp_packet: undersized packet\n");
+ return 0;
+ }
+
if (newlen > 65535) {
if (net_ratelimit())
printk("ip_nat_mangle_udp_packet: nat'ed packet "
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH 2.4 RESEND] netfilter: add size check for udp packet mangling
2003-10-13 18:17 ` [PATCH 2.4 RESEND] netfilter: add size check for udp packet mangling Martin Josefsson
@ 2003-10-13 19:37 ` David S. Miller
0 siblings, 0 replies; 3+ messages in thread
From: David S. Miller @ 2003-10-13 19:37 UTC (permalink / raw)
To: Martin Josefsson; +Cc: laforge, netfilter-devel
On Mon, 13 Oct 2003 20:17:38 +0200
Martin Josefsson <gandalf@netfilter.org> wrote:
> Harald sent this with the wrong subject and it got dropped.
> Here it is with the correct subject.
> Found when syncing patch-o-matic with 2.4-bk
> Please apply. More resends are coming.
Applied, thanks for doing these double-checks with patch-o-matic.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2003-10-13 19:37 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2003-10-02 14:26 [PATCH 2.4] netfilter: fix UDP incremental checksumming Harald Welte
2003-10-13 18:17 ` [PATCH 2.4 RESEND] netfilter: add size check for udp packet mangling Martin Josefsson
2003-10-13 19:37 ` David S. Miller
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.