author: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> 2012-04-03 22:02:01 +0200
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2012-10-21 09:17:11 -0700
commit: 7e3cf6ea62cdaf3c556e43b09883e5d63c94536f (patch)
tree: 41f131260c8f1863c4adaccb5813330d721dbc1d /fs/jbd/commit.c
parent: 716362d00bff2312c0afffacbb9d4c9deb3faa96 (diff)

netfilter: nf_ct_ipv4: packets with wrong ihl are invalid

commit 07153c6ec074257ade76a461429b567cff2b3a1e upstream.

It was reported that the Linux kernel sometimes logs:

klogd: [2629147.402413] kernel BUG at net / netfilter / nf_conntrack_proto_tcp.c: 447!
klogd: [1072212.887368] kernel BUG at net / netfilter / nf_conntrack_proto_tcp.c: 392

ipv4_get_l4proto() in nf_conntrack_l3proto_ipv4.c and tcp_error() in nf_conntrack_proto_tcp.c should catch malformed packets, so the errors at the indicated lines - TCP options parsing - should not happen. However, tcp_error() relies on the "dataoff" offset to the TCP header, calculated by ipv4_get_l4proto(). But ipv4_get_l4proto() does not check bogus ihl values in IPv4 packets, which then can slip through tcp_error() and get caught at the TCP options parsing routines.

The patch fixes ipv4_get_l4proto() by invalidating packets with bogus ihl value.

The patch closes netfilter bugzilla id 771.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Acked-by: David Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Diffstat (limited to 'fs/jbd/commit.c')
0 files changed, 0 insertions, 0 deletions
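
The dependency the commit message describes, where a TCP sanity check trusts an offset derived from ihl, as an added user-space C example that is not the kernel's code or the patch itself. The names `make_pkt`, `l4_offset_unchecked`, `l4_offset_checked` and `tcp_options_len` are hypothetical, the packets are constructed, and the lower bound on ihl is an assumption that goes beyond what the message states.

```c
#include <stdint.h>
#include <string.h>

#define IP_MIN_HDR  20u /* ihl = 5: IPv4 header without options */
#define TCP_MIN_HDR 20u
#define PKT_LEN     40u /* constructed sample: 20-byte IPv4 + 20-byte TCP */

/* Constructed packet; only the bytes the checks below read are filled in. */
static void make_pkt(uint8_t *pkt, unsigned ihl)
{
    memset(pkt, 0, PKT_LEN);
    pkt[0] = (uint8_t)(0x40 | (ihl & 0x0f)); /* version 4, caller-chosen ihl */
    pkt[IP_MIN_HDR] = 0x60;                  /* TCP source port 0x6000 */
    pkt[IP_MIN_HDR + 12] = 0x50;             /* TCP data offset: 5 words */
}

/* No validation: ihl is trusted and the offset handed to the L4 code. */
static size_t l4_offset_unchecked(const uint8_t *pkt)
{
    return (size_t)(pkt[0] & 0x0f) * 4;
}

/* Returns the L4 offset, or -1 when ihl is bogus and the packet is invalid. */
static long l4_offset_checked(const uint8_t *pkt, size_t len)
{
    size_t dataoff;

    if (len < IP_MIN_HDR || (pkt[0] >> 4) != 4)
        return -1;
    dataoff = (size_t)(pkt[0] & 0x0f) * 4;
    return (dataoff < IP_MIN_HDR || dataoff > len) ? -1 : (long)dataoff;
}

/* TCP option bytes a parser would walk, or -1 if the header does not fit. */
static long tcp_options_len(const uint8_t *pkt, size_t len, size_t dataoff)
{
    size_t hdr;

    if (dataoff > len || len - dataoff < TCP_MIN_HDR)
        return -1;
    hdr = (size_t)(pkt[dataoff + 12] >> 4) * 4;
    return (hdr < TCP_MIN_HDR || hdr > len - dataoff) ? -1 : (long)(hdr - TCP_MIN_HDR);
}
```

With ihl = 2 the unchecked offset is 8, so the TCP length check reads the source-port byte as the data offset and still passes; the checked variant marks the packet invalid before any TCP code runs.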