From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752706AbcGDGO6 (ORCPT <rfc822;w@1wt.eu>);
	Mon, 4 Jul 2016 02:14:58 -0400
Received: from pegase1.c-s.fr ([93.17.236.30]:2518 "EHLO pegase1.c-s.fr"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1750895AbcGDGOz (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Mon, 4 Jul 2016 02:14:55 -0400
Subject: Re: [PATCH] netfilter: nf_conntrack_sip: CSeq 0 is a valid CSeq
To: Liping Zhang <zlpnobody@gmail.com>
References: <20160701094833.B281E1A23A2@localhost.localdomain>
 <CAML_gOdB=SjFyXosSb4MtaEymsAGV3beQwQqZMyhbezy=yDgxQ@mail.gmail.com>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>, Patrick McHardy <kaber@trash.net>,
        Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>,
        "David S. Miller" <davem@davemloft.net>,
        netfilter-devel@vger.kernel.org, coreteam@netfilter.org,
        netdev@vger.kernel.org, linux-kernel@vger.kernel.org
From: Christophe Leroy <christophe.leroy@c-s.fr>
Message-ID: <bb18da60-bd09-05e0-0244-49942abbd1bd@c-s.fr>
Date: Mon, 4 Jul 2016 08:14:52 +0200
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:45.0) Gecko/20100101
 Thunderbird/45.1.1
MIME-Version: 1.0
In-Reply-To: <CAML_gOdB=SjFyXosSb4MtaEymsAGV3beQwQqZMyhbezy=yDgxQ@mail.gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org



Le 04/07/2016 à 07:48, Liping Zhang a écrit :
> 2016-07-01 17:48 GMT+08:00 Christophe Leroy <christophe.leroy@c-s.fr>:
>> Do not drop packet when CSeq is 0 as 0 is also a valid value for CSeq.
>>
>> --- a/net/netfilter/nf_conntrack_sip.c
>> +++ b/net/netfilter/nf_conntrack_sip.c
>> @@ -1368,6 +1368,7 @@ static int process_sip_response(struct sk_buff *skb, unsigned int protoff,
>>         struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
>>         unsigned int matchoff, matchlen, matchend;
>>         unsigned int code, cseq, i;
>> +       char buf[21];
>>
>>         if (*datalen < strlen("SIP/2.0 200"))
>>                 return NF_ACCEPT;
>> @@ -1382,8 +1383,13 @@ static int process_sip_response(struct sk_buff *skb, unsigned int protoff,
>>                 nf_ct_helper_log(skb, ct, "cannot parse cseq");
>>                 return NF_DROP;
>>         }
>> -       cseq = simple_strtoul(*dptr + matchoff, NULL, 10);
>> -       if (!cseq) {
>
> I think there is no need to convert simple_strtoul to kstrtouint, add
> a further check seems better?
> Like this:
>  -       if (!cseq) {
> +       if (!cseq && *(*dptr + matchoff) != '0') {
>

And what about an invalid CSeq that would look like CSeq: 0abzk852 ?
Should we check it is 0 + space instead ?

>> +       if (matchlen > sizeof(buf) - 1) {
>> +               nf_ct_helper_log(skb, ct, "cannot parse cseq (too big)");
>> +               return NF_DROP;
>> +       }
>> +       memcpy(buf, *dptr + matchoff, matchlen);
>> +       buf[matchlen] = 0;
>> +       if (kstrtouint(buf, 10, &cseq)) {
>>                 nf_ct_helper_log(skb, ct, "cannot get cseq");
>>                 return NF_DROP;
>>         }