Re: [BK PATCH] Fix ip_conntrack_amanda data corruption bug that breaksamanda dumps

From: Patrick McHardy
Date: Thu Nov 04 2004 - 17:01:03 EST

Next message: Serge Hallyn: "Re: [RFC] [PATCH] [1/6] LSM Stacking: Replace LSM void* with arrays"
Previous message: Serge Hallyn: "[RFC] [PATCH] [0/6] LSM Stacking"
In reply to: David S. Miller: "Re: [BK PATCH] Fix ip_conntrack_amanda data corruption bug thatbreaks amanda dumps"
Next in thread: Matthias Andree: "Re: [BK PATCH] Fix ip_conntrack_amanda data corruption bug that breaks amanda dumps"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

David S. Miller wrote:

You're right... the bug was introduced by my skb_header_pointer() changes.
Look at this:

amp = skb_header_pointer(skb, dataoff,
skb->len - dataoff, amanda_buffer);
BUG_ON(amp == NULL);
data = amp;
data_limit = amp + skb->len - dataoff;
*data_limit = '\0';

It should just use the amanda_buffer always.

Thanks Dave and Herbert, here is the patch in case you haven't fixed it
already.

Regards
Patrick

# This is a BitKeeper generated diff -Nru style patch.
#
# ChangeSet
# 2004/11/04 22:50:11+01:00 kaber@xxxxxxxxxxxx
# [NETFILTER]: Don't use skb_header_pointer in amanda conntrack helper
#
# Fixes broken packets, noticed by Matthias Andree <matthias.andree@xxxxxx>
#
# Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
#
# net/ipv4/netfilter/ip_conntrack_amanda.c
# 2004/11/04 22:50:04+01:00 kaber@xxxxxxxxxxxx +5 -7
# [NETFILTER]: Don't use skb_header_pointer in amanda conntrack helper
#
# Fixes broken packets, noticed by Matthias Andree <matthias.andree@xxxxxx>
#
# Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
#
diff -Nru a/net/ipv4/netfilter/ip_conntrack_amanda.c b/net/ipv4/netfilter/ip_conntrack_amanda.c
--- a/net/ipv4/netfilter/ip_conntrack_amanda.c 2004-11-04 22:50:37 +01:00
+++ b/net/ipv4/netfilter/ip_conntrack_amanda.c 2004-11-04 22:50:37 +01:00
@@ -49,7 +49,7 @@
{
struct ip_conntrack_expect *exp;
struct ip_ct_amanda_expect *exp_amanda_info;
- char *amp, *data, *data_limit, *tmp;
+ char *data, *data_limit, *tmp;
unsigned int dataoff, i;
u_int16_t port, len;

@@ -70,11 +70,9 @@
}

LOCK_BH(&amanda_buffer_lock);
- amp = skb_header_pointer(skb, dataoff,
- skb->len - dataoff, amanda_buffer);
- BUG_ON(amp == NULL);
- data = amp;
- data_limit = amp + skb->len - dataoff;
+ skb_copy_bits(skb, dataoff, amanda_buffer, skb->len - dataoff);
+ data = amanda_buffer;
+ data_limit = amanda_buffer + skb->len - dataoff;
*data_limit = '\0';

/* Search for the CONNECT string */
@@ -110,7 +108,7 @@
exp->mask.dst.u.tcp.port = 0xFFFF;

exp_amanda_info = &exp->help.exp_amanda_info;
- exp_amanda_info->offset = tmp - amp;
+ exp_amanda_info->offset = tmp - amanda_buffer;
exp_amanda_info->port = port;
exp_amanda_info->len = len;

Next message: Serge Hallyn: "Re: [RFC] [PATCH] [1/6] LSM Stacking: Replace LSM void* with arrays"
Previous message: Serge Hallyn: "[RFC] [PATCH] [0/6] LSM Stacking"
In reply to: David S. Miller: "Re: [BK PATCH] Fix ip_conntrack_amanda data corruption bug thatbreaks amanda dumps"
Next in thread: Matthias Andree: "Re: [BK PATCH] Fix ip_conntrack_amanda data corruption bug that breaks amanda dumps"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]