Contents of /genpatches-2.6/trunk/2.6.14/1184_7_netfilter-pptp-crash-1.patch



Revision 292
Tue Jan 31 21:50:53 2006 UTC (14 years, 9 months ago) by johnm
File MIME type: text/x-diff
File size: 1217 byte(s)
Large update - thanks goes to Kerin Millar for the legwork.
1 From stable-bounces@linux.kernel.org Mon Jan 9 17:04:42 2006
2 Message-ID: <43C30717.8030205@trash.net>
3 Date: Tue, 10 Jan 2006 02:00:07 +0100
4 From: Patrick McHardy <kaber@trash.net>
5 To: stable@kernel.org
6 Cc:
7 Subject: [NETFILTER]: Fix crash in ip_nat_pptp (CVE-2006-0036)
8
9 When an inbound PPTP_IN_CALL_REQUEST packet is received the
10 PPTP NAT helper uses a NULL pointer in pointer arithmetic to
11 calculate the offset in the packet which needs to be mangled
12 and corrupts random memory or crashes.
13
14 Signed-off-by: Patrick McHardy <kaber@trash.net>
15 Signed-off-by: Chris Wright <chrisw@sous-sol.org>
16 ---
17 net/ipv4/netfilter/ip_nat_helper_pptp.c | 2 +-
18 1 file changed, 1 insertion(+), 1 deletion(-)
19
20 Index: linux-2.6.14.6/net/ipv4/netfilter/ip_nat_helper_pptp.c
21 ===================================================================
22 --- linux-2.6.14.6.orig/net/ipv4/netfilter/ip_nat_helper_pptp.c
23 +++ linux-2.6.14.6/net/ipv4/netfilter/ip_nat_helper_pptp.c
24 @@ -313,7 +313,7 @@ pptp_inbound_pkt(struct sk_buff **pskb,
25 break;
26 case PPTP_IN_CALL_REQUEST:
27 /* only need to nat in case PAC is behind NAT box */
28 - break;
29 + return NF_ACCEPT;
30 case PPTP_WAN_ERROR_NOTIFY:
31 pcid = &pptpReq->wanerr.peersCallID;
32 break;
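
Review bot: The `return NF_ACCEPT;` in the `PPTP_IN_CALL_REQUEST` case covers only this one message type, and the comment kept above it ("only need to nat in case PAC is behind NAT box") does not say why the case has to leave the function rather than fall out of the switch. Going by the commit message, the crash comes from a still-NULL pointer being used in offset arithmetic; the neighbouring `PPTP_WAN_ERROR_NOTIFY` case assigns `pcid` before its `break`, while this case assigns nothing. I would extend the comment to state that no call ID pointer is set for this message, so the mangling that follows must be skipped. If `pcid` is the pointer in question, also consider a NULL check on it after the switch that returns `NF_ACCEPT`, so that a later case which breaks without assigning it cannot reintroduce the same crash.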
