From: Toby DiPasquale
This patch corrects an off-by-one error in the DecodeQ931 function in
the nf_conntrack_h323 module. This error could result in reading off
the end of a Q.931 frame.
Signed-off-by: Toby DiPasquale
Signed-off-by: Pablo Neira Ayuso
---
net/netfilter/nf_conntrack_h323_asn1.c
27;t know why it wasn't applied yet.
>>
>> Pablo?
>
> This doesn't apply.
>
> $ git am /tmp/off-by-one-in-DecodeQ931.patch -s
> Applying: off-by-one in DecodeQ931
> error: patch failed: net/netfilter/nf_conntrack_h323_asn1.c:846
> error: net/netfilter/nf_co
On Mon, Jun 06, 2016 at 04:35:55PM +0200, Florian Westphal wrote:
> Toby DiPasquale wrote:
> > Is this latest patch OK?
>
> Yes, I don't know why it wasn't applied yet.
>
> Pablo?
This doesn't apply.
$ git am /tmp/off-by-one-in-DecodeQ931.patch -s
Appl
Toby DiPasquale wrote:
> Is this latest patch OK?
Yes, I don't know why it wasn't applied yet.
Pablo?
Is this latest patch OK?
On Tue, May 3, 2016 at 1:12 AM, Toby DiPasquale wrote:
> On Mon, Apr 25, 2016 at 11:29 AM, Florian Westphal wrote:
>> -> sz (size_t) will underflow here
>>
>> I'd suggest to change the if (sz < 1) to if (sz < 2) to
>> resolve this, the while loop below has to be taken an
I'm a bit new to this; is this patch OK?
On Tue, May 3, 2016 at 1:12 AM, Toby DiPasquale wrote:
> On Mon, Apr 25, 2016 at 11:29 AM, Florian Westphal wrote:
>> -> sz (size_t) will underflow here
>>
>> I'd suggest to change the if (sz < 1) to if (sz < 2) to
>> resolve this, the while loop below ha
On Mon, Apr 25, 2016 at 11:29 AM, Florian Westphal wrote:
> -> sz (size_t) will underflow here
>
> I'd suggest to change the if (sz < 1) to if (sz < 2) to
> resolve this, the while loop below has to be taken anyway.
Thanks, Florian! Updated patch below:
Signed-off-by: Toby DiPasquale
diff --gi
Toby DiPasquale wrote:
> I was reviewing the H.323 conntrack helper in the kernel when I came
> across what appears to be an off-by-one error in the DecodeQ931
> function. The MessageType field of the Q931 record is assigned and p
> is incremented, but the corresponding decrement to sz is missing,
I was reviewing the H.323 conntrack helper in the kernel when I came
across what appears to be an off-by-one error in the DecodeQ931
function. The MessageType field of the Q931 record is assigned and p
is incremented, but the corresponding decrement to sz is missing,
leading the sz variable to be o
