linux/net/netfilter
Patrick McHardy e3b802ba88 netfilter: nf_conntrack_irc: make sure string is terminated before calling simple_strtoul
Alexey Dobriyan points out:

1. simple_strtoul() silently accepts all characters for given base even
   if result won't fit into unsigned long. This is amazing stupidity in
   itself, but

2. nf_conntrack_irc helper use simple_strtoul() for DCC request parsing.
   Data first copied into 64KB buffer, so theoretically nothing prevents
   reading past the end of it, since data comes from network given 1).

This is not actually a problem currently since we're guaranteed to have
a 0 byte in skb_shared_info or in the buffer the data is copied to, but
to make this more robust, make sure the string is actually terminated.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-09-07 18:21:24 -07:00
..
core.c
Kconfig netfilter: accounting rework: ct_extend + 64bit counters (v4) 2008-07-21 10:10:58 -07:00
Makefile netfilter: accounting rework: ct_extend + 64bit counters (v4) 2008-07-21 10:10:58 -07:00
nf_conntrack_acct.c netfilter: accounting rework: ct_extend + 64bit counters (v4) 2008-07-21 10:10:58 -07:00
nf_conntrack_amanda.c
nf_conntrack_core.c netfilter: fix two recent sysctl problems 2008-08-06 02:35:44 -07:00
nf_conntrack_ecache.c
nf_conntrack_expect.c
nf_conntrack_extend.c netfilter: nf_conntrack_extend: avoid unnecessary "ct->ext" dereferences 2008-07-26 17:50:05 -07:00
nf_conntrack_ftp.c
nf_conntrack_h323_asn1.c
nf_conntrack_h323_main.c netfilter: nf_conntrack_h323: fix module unload crash 2008-06-17 15:52:32 -07:00
nf_conntrack_h323_types.c
nf_conntrack_helper.c
nf_conntrack_irc.c netfilter: nf_conntrack_irc: make sure string is terminated before calling simple_strtoul 2008-09-07 18:21:24 -07:00
nf_conntrack_l3proto_generic.c
nf_conntrack_netbios_ns.c
nf_conntrack_netlink.c netfilter: ctnetlink: sleepable allocation with spin lock bh 2008-08-18 21:31:46 -07:00
nf_conntrack_pptp.c
nf_conntrack_proto_dccp.c
nf_conntrack_proto_generic.c
nf_conntrack_proto_gre.c netfilter: nf_conntrack_gre: nf_ct_gre_keymap_flush() fixlet 2008-09-07 18:20:36 -07:00
nf_conntrack_proto_sctp.c netfilter: nf_conntrack_sctp: fix sparse warnings 2008-07-21 10:11:02 -07:00
nf_conntrack_proto_tcp.c netfilter: nf_conntrack_tcp: decrease timeouts while data in unacknowledged 2008-07-31 00:38:01 -07:00
nf_conntrack_proto_udp.c
nf_conntrack_proto_udplite.c
nf_conntrack_proto.c
nf_conntrack_sane.c
nf_conntrack_sip.c netfilter: nf_conntrack_sip: de-static helper pointers 2008-09-07 18:19:25 -07:00
nf_conntrack_standalone.c netfilter: fix two recent sysctl problems 2008-08-06 02:35:44 -07:00
nf_conntrack_tftp.c
nf_internals.h
nf_log.c netfilter: Make nflog quiet when no one listen in userspace. 2008-06-11 17:50:27 -07:00
nf_queue.c
nf_sockopt.c netns: Use net_eq() to compare net-namespaces for optimization. 2008-07-19 22:34:43 -07:00
nfnetlink_log.c netfilter: nfnetlink_log: send complete hardware header 2008-07-21 10:11:00 -07:00
nfnetlink_queue.c netns: Use net_eq() to compare net-namespaces for optimization. 2008-07-19 22:34:43 -07:00
nfnetlink.c
x_tables.c
xt_CLASSIFY.c
xt_comment.c
xt_connbytes.c netfilter: accounting rework: ct_extend + 64bit counters (v4) 2008-07-21 10:10:58 -07:00
xt_connlimit.c
xt_connmark.c
xt_CONNMARK.c
xt_CONNSECMARK.c
xt_conntrack.c
xt_dccp.c
xt_dscp.c
xt_DSCP.c
xt_esp.c
xt_hashlimit.c netfilter: xt_hashlimit: fix race between htable_destroy and htable_gc 2008-07-31 00:38:52 -07:00
xt_helper.c
xt_iprange.c
xt_length.c
xt_limit.c
xt_mac.c
xt_mark.c
xt_MARK.c
xt_multiport.c
xt_NFLOG.c
xt_NFQUEUE.c
xt_NOTRACK.c
xt_owner.c
xt_physdev.c
xt_pkttype.c
xt_policy.c
xt_quota.c
xt_rateest.c
xt_RATEEST.c
xt_realm.c
xt_sctp.c
xt_SECMARK.c
xt_state.c
xt_statistic.c
xt_string.c netfilter: fix string extension for case insensitive pattern matching 2008-07-08 02:38:56 -07:00
xt_tcpmss.c
xt_TCPMSS.c netfilter: xt_TCPMSS: collapse tcpmss_reverse_mtu{4,6} into one function 2008-07-21 10:11:01 -07:00
xt_TCPOPTSTRIP.c
xt_tcpudp.c
xt_time.c netfilter: xt_time: fix time's time_mt()'s use of do_div() 2008-07-21 10:10:59 -07:00
xt_TRACE.c
xt_u32.c