
Contents of /genpatches-2.6/tags/2.6.15-2/1105_netfilter-pptp-crash-1.patch



Revision 259
Wed Jan 11 21:46:01 2006 UTC (8 years, 7 months ago) by dsd
File size: 1071 byte(s)
2.6.15-2 release
1 From stable-bounces@linux.kernel.org Mon Jan 9 17:04:42 2006
2 Message-ID: <43C30717.8030205@trash.net>
3 Date: Tue, 10 Jan 2006 02:00:07 +0100
4 From: Patrick McHardy <kaber@trash.net>
5 To: stable@kernel.org
6 Cc:
7 Subject: [NETFILTER]: Fix crash in ip_nat_pptp
8
9 When an inbound PPTP_IN_CALL_REQUEST packet is received the
10 PPTP NAT helper uses a NULL pointer in pointer arithmetic to
11 calculate the offset in the packet which needs to be mangled
12 and corrupts random memory or crashes.
13
14 Signed-off-by: Patrick McHardy <kaber@trash.net>
15 Signed-off-by: Chris Wright <chrisw@sous-sol.org>
16 ---
17 net/ipv4/netfilter/ip_nat_helper_pptp.c | 2 +-
18 1 file changed, 1 insertion(+), 1 deletion(-)
19
20 --- linux-2.6.15.y.orig/net/ipv4/netfilter/ip_nat_helper_pptp.c
21 +++ linux-2.6.15.y/net/ipv4/netfilter/ip_nat_helper_pptp.c
22 @@ -315,7 +315,7 @@ pptp_inbound_pkt(struct sk_buff **pskb,
23 break;
24 case PPTP_IN_CALL_REQUEST:
25 /* only need to nat in case PAC is behind NAT box */
26 - break;
27 + return NF_ACCEPT;
28 case PPTP_WAN_ERROR_NOTIFY:
29 pcid = &pptpReq->wanerr.peersCallID;
30 break;
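
Review bot: The early `return NF_ACCEPT;` in the PPTP_IN_CALL_REQUEST case fixes only this one message type, while the invariant that caused the crash stays implicit: every case that reaches the code after the switch with `break` must have assigned `pcid`, as PPTP_WAN_ERROR_NOTIFY does with `pcid = &pptpReq->wanerr.peersCallID;`. Since the commit message attributes the crash to a NULL pointer being used in pointer arithmetic to compute the mangle offset, consider also guarding the post-switch code (outside this hunk) with an explicit check that `pcid` is non-NULL, or at least documenting the invariant at the switch, so that a later case which breaks without setting `pcid` cannot bring back the same memory corruption. The retained comment "only need to nat in case PAC is behind NAT box" also no longer explains the control flow; it would help to say that this message is accepted unmodified because no call ID is mangled here.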
