07153c6ec0
It was reported that the Linux kernel sometimes logs: klogd: [2629147.402413] kernel BUG at net / netfilter / nf_conntrack_proto_tcp.c: 447! klogd: [1072212.887368] kernel BUG at net / netfilter / nf_conntrack_proto_tcp.c: 392 ipv4_get_l4proto() in nf_conntrack_l3proto_ipv4.c and tcp_error() in nf_conntrack_proto_tcp.c should catch malformed packets, so the errors at the indicated lines - TCP options parsing - should not happen. However, tcp_error() relies on the "dataoff" offset to the TCP header, calculated by ipv4_get_l4proto(). But ipv4_get_l4proto() does not check bogus ihl values in IPv4 packets, which then can slip through tcp_error() and get caught at the TCP options parsing routines. The patch fixes ipv4_get_l4proto() by invalidating packets with bogus ihl value. The patch closes netfilter bugzilla id 771. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> |
||
---|---|---|
.. | ||
arp_tables.c | ||
arpt_mangle.c | ||
arptable_filter.c | ||
ip_queue.c | ||
ip_tables.c | ||
ipt_ah.c | ||
ipt_CLUSTERIP.c | ||
ipt_ECN.c | ||
ipt_MASQUERADE.c | ||
ipt_NETMAP.c | ||
ipt_REDIRECT.c | ||
ipt_REJECT.c | ||
ipt_rpfilter.c | ||
ipt_ULOG.c | ||
iptable_filter.c | ||
iptable_mangle.c | ||
iptable_raw.c | ||
iptable_security.c | ||
Kconfig | ||
Makefile | ||
nf_conntrack_l3proto_ipv4.c | ||
nf_conntrack_l3proto_ipv4_compat.c | ||
nf_conntrack_proto_icmp.c | ||
nf_defrag_ipv4.c | ||
nf_nat_amanda.c | ||
nf_nat_core.c | ||
nf_nat_ftp.c | ||
nf_nat_h323.c | ||
nf_nat_helper.c | ||
nf_nat_irc.c | ||
nf_nat_pptp.c | ||
nf_nat_proto_common.c | ||
nf_nat_proto_dccp.c | ||
nf_nat_proto_gre.c | ||
nf_nat_proto_icmp.c | ||
nf_nat_proto_sctp.c | ||
nf_nat_proto_tcp.c | ||
nf_nat_proto_udp.c | ||
nf_nat_proto_udplite.c | ||
nf_nat_proto_unknown.c | ||
nf_nat_rule.c | ||
nf_nat_sip.c | ||
nf_nat_snmp_basic.c | ||
nf_nat_standalone.c | ||
nf_nat_tftp.c |