netfilter: nf_conntrack_pptp: prevent buffer overflows in debug code

Dan Carpenter says: "Smatch complains that the value for "cmd" comes
from the network and can't be trusted."

Add pptp_msg_name() helper function that checks for the array boundary.

Fixes: f09943fefe ("[NETFILTER]: nf_conntrack/nf_nat: add PPTP helper port")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Pablo Neira Ayuso
2020-05-14 14:14:23 +02:00
parent a164b95ad6
commit 4c559f15ef
3 changed files with 38 additions and 33 deletions

@@ -10,7 +10,7 @@
#include <net/netfilter/nf_conntrack_expect.h>
#include <uapi/linux/netfilter/nf_conntrack_tuple_common.h>
extern const char *const pptp_msg_name[];
extern const char *const pptp_msg_name(u_int16_t msg);
/* state of the control session */
enum pptp_ctrlsess_state {
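
Review bot: The replacement prototype `extern const char *const pptp_msg_name(u_int16_t msg);` keeps the second `const` from the old array declaration, but on a function return type that qualifier applies to the returned pointer value and has no effect; GCC reports it under -Wignored-qualifiers. Declaring it as `const char *pptp_msg_name(u_int16_t msg);` expresses the same contract without the warning. Since this header is where callers learn the contract, and the commit message says the value comes from the network, a one-line comment here stating what the helper returns for a message number outside the known range would make the bounds behaviour explicit to anyone using it in a debug print.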