/[linux-patches]/genpatches-2.6/trunk/2.6.15/1105_netfilter-pptp-crash-1.patch
Gentoo

Contents of /genpatches-2.6/trunk/2.6.15/1105_netfilter-pptp-crash-1.patch

Parent Directory Parent Directory | Revision Log Revision Log


Revision 257 - (hide annotations) (download) (as text)
Wed Jan 11 21:27:56 2006 UTC (14 years, 7 months ago) by dsd
File MIME type: text/x-diff
File size: 1071 byte(s)
reorder
1 dsd 255 From stable-bounces@linux.kernel.org Mon Jan 9 17:04:42 2006
2     Message-ID: <43C30717.8030205@trash.net>
3     Date: Tue, 10 Jan 2006 02:00:07 +0100
4     From: Patrick McHardy <kaber@trash.net>
5     To: stable@kernel.org
6     Cc:
7     Subject: [NETFILTER]: Fix crash in ip_nat_pptp
8    
9     When an inbound PPTP_IN_CALL_REQUEST packet is received the
10     PPTP NAT helper uses a NULL pointer in pointer arithmentic to
11     calculate the offset in the packet which needs to be mangled
12     and corrupts random memory or crashes.
13    
14     Signed-off-by: Patrick McHardy <kaber@trash.net>
15     Signed-off-by: Chris Wright <chrisw@sous-sol.org>
16     ---
17     net/ipv4/netfilter/ip_nat_helper_pptp.c | 2 +-
18     1 file changed, 1 insertion(+), 1 deletion(-)
19    
20     --- linux-2.6.15.y.orig/net/ipv4/netfilter/ip_nat_helper_pptp.c
21     +++ linux-2.6.15.y/net/ipv4/netfilter/ip_nat_helper_pptp.c
22     @@ -315,7 +315,7 @@ pptp_inbound_pkt(struct sk_buff **pskb,
23     break;
24     case PPTP_IN_CALL_REQUEST:
25     /* only need to nat in case PAC is behind NAT box */
26     - break;
27     + return NF_ACCEPT;
28     case PPTP_WAN_ERROR_NOTIFY:
29     pcid = &pptpReq->wanerr.peersCallID;
30     break;

  ViewVC Help
Powered by ViewVC 1.1.20