diff options
author | Patrick McHardy <kaber@trash.net> | 2008-09-08 05:21:24 +0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-09-08 05:21:24 +0400 |
commit | e3b802ba885b54f4050164c3cfd9e0ba9c73173a (patch) | |
tree | ff57e0687a42951c974db349dd67ccb5caf4423f /crypto | |
parent | 51807e91a76a531d059ec7ce3395c435e4df52a8 (diff) | |
download | linux-e3b802ba885b54f4050164c3cfd9e0ba9c73173a.tar.xz |
netfilter: nf_conntrack_irc: make sure string is terminated before calling simple_strtoul
Alexey Dobriyan points out:
1. simple_strtoul() silently accepts all characters for given base even
if result won't fit into unsigned long. This is amazing stupidity in
itself, but
2. nf_conntrack_irc helper use simple_strtoul() for DCC request parsing.
Data first copied into 64KB buffer, so theoretically nothing prevents
reading past the end of it, since data comes from network given 1).
This is not actually a problem currently since we're guaranteed to have
a 0 byte in skb_shared_info or in the buffer the data is copied to, but
to make this more robust, make sure the string is actually terminated.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'crypto')
0 files changed, 0 insertions, 0 deletions