[PATCH] fix off-by-one in DecodeQ931

2016-07-09 Thread Toby DiPasquale
fix off-by-one in DecodeQ931 This patch corrects an off-by-one error in the DecodeQ931 function in the nf_conntrack_h323 module. This error could result in reading off the end of a Q.931 frame. Signed-off-by: Toby DiPasquale --- net/netfilter/nf_conntrack_h323_asn1.c | 3 ++- 1 file changed

[PATCH] fix off-by-one in DecodeQ931

2016-07-03 Thread Toby DiPasquale
--- net/netfilter/nf_conntrack_h323_asn1.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/netfilter/nf_conntrack_h323_asn1.c b/net/netfilter/nf_conntrack_h323_asn1.c index bcd5ed6..89b2e46 100644 --- a/net/netfilter/nf_conntrack_h323_asn1.c +++ b/net/netfilter/nf_conntr

Re: off-by-one in DecodeQ931

2016-06-12 Thread Toby DiPasquale
Attached is the patch generated with git format-patch. On Mon, Jun 6, 2016 at 10:55 AM, Pablo Neira Ayuso wrote: > On Mon, Jun 06, 2016 at 04:35:55PM +0200, Florian Westphal wrote: >> Toby DiPasquale wrote: >> > Is this latest patch OK? >> >> Yes, I don'

Re: off-by-one in DecodeQ931

2016-06-06 Thread Toby DiPasquale
Is this latest patch OK? On Tue, May 3, 2016 at 1:12 AM, Toby DiPasquale wrote: > On Mon, Apr 25, 2016 at 11:29 AM, Florian Westphal wrote: >> -> sz (size_t) will underflow here >> >> I'd suggest to change the if (sz < 1) to if (sz < 2) to >> resolve t

Re: off-by-one in DecodeQ931

2016-05-20 Thread Toby DiPasquale
I'm a bit new to this; is this patch OK? On Tue, May 3, 2016 at 1:12 AM, Toby DiPasquale wrote: > On Mon, Apr 25, 2016 at 11:29 AM, Florian Westphal wrote: >> -> sz (size_t) will underflow here >> >> I'd suggest to change the if (sz < 1) to if (sz < 2)

Re: off-by-one in DecodeQ931

2016-05-02 Thread Toby DiPasquale
On Mon, Apr 25, 2016 at 11:29 AM, Florian Westphal wrote: > -> sz (size_t) will underflow here > > I'd suggest to change the if (sz < 1) to if (sz < 2) to > resolve this, the while loop below has to be taken anyway. Thanks, Florian! Updated patch below: Signed-off-

[PATCH] off-by-one in DecodeQ931

2016-04-23 Thread Toby DiPasquale
one more than it should be. This patch decrements sz so it is the proper value going into the parsing of the information elements. Signed-off-by: Toby DiPasquale -- diff --git a/net/netfilter/nf_conntrack_h323_asn1.c b/net/netfilter/nf_conntrack_h323_asn1.c index bcd5ed6..68b1557 100644 --- a/net