
Re: [PATCH 1/1] ip_vs_sip_fill_param() uninitialized var

To: Julian Anastasov <ja@xxxxxx>
Subject: Re: [PATCH 1/1] ip_vs_sip_fill_param() uninitialized var
Cc: Simon Horman <horms@xxxxxxxxxxxx>, Wensong Zhang <wensong@xxxxxxxxxxxx>, lvs-devel@xxxxxxxxxxxxxxx, netfilter-devel@xxxxxxxxxxxxxxx
From: Hans Schillstrom <hans@xxxxxxxxxxxxxxx>
Date: Thu, 25 Apr 2013 08:12:10 +0200
Hello
On Wed, 2013-04-24 at 22:44 +0300, Julian Anastasov wrote:
>       Hello,
[snip]
> On Wed, 24 Apr 2013, Hans Schillstrom wrote:
> 
> > The reason for this patch is a crash in kmemdup
> > caused by uninitialized param into kmemdup()
> > 
> > diff --git a/net/netfilter/ipvs/ip_vs_pe_sip.c 
> > b/net/netfilter/ipvs/ip_vs_pe_sip.c
> > index 00cc024..8767514 100644
> > --- a/net/netfilter/ipvs/ip_vs_pe_sip.c
> > +++ b/net/netfilter/ipvs/ip_vs_pe_sip.c
> > @@ -70,7 +70,7 @@ ip_vs_sip_fill_param(struct ip_vs_conn_param *p, struct 
> > sk_buff *skb)
> >  {
> >     struct sk_buff *reasm = skb_nfct_reasm(skb);
> >     struct ip_vs_iphdr iph;
> > -   unsigned int dataoff, datalen, matchoff, matchlen;
> > +   unsigned int dataoff, datalen, matchoff = 0, matchlen = 0;
> 
>       It seems in get_callid() when ct_sip_get_header()
> returns 0 (missing header) we should return -EINVAL just
> like for the "Empty callid is useless" case, i.e. messages
> with empty/missing Call-ID should be dropped.
> 

It seems to be the right cure for the patient,
I'll send a new patch and I will also remove the unneeded check for zero
matchlen since it is already done in ct_sip_get_header()

-       /* Empty callid is useless */
-       if (!*matchlen)
-               return -EINVAL;
-
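Review bot: removing the "if (!*matchlen)" test leaves get_callid() relying on ct_sip_get_header() never reporting a match of length zero. State that dependency in the new commit message or in a comment where the check used to be, and make sure the return-value check that replaces it rejects the 0 (missing header) return discussed above, so that an empty or missing Call-ID still ends in -EINVAL.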

Thanks
Hans

> >     const char *dptr;
> >     int retc;
> >  
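Review bot: zeroing matchoff and matchlen at their declaration in ip_vs_sip_fill_param() gives kmemdup() defined arguments but does not treat the case that left them unset as a failure, so the function carries on with an offset and length of 0. Keep the declaration as it was, have get_callid() return an error whenever it sets nothing, and bail out on that error before kmemdup() is reached. The commit message should also name the path on which the two values stay unset.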
> > -- 
> > 1.7.11.7
> 
> Regards
> 
> --
> Julian Anastasov <ja@xxxxxx>

Attachment: smime.p7s
Description: S/MIME cryptographic signature
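
Added example, not part of the thread or of the kernel source: a userspace C model of the return-value handling discussed above, where a missing header is rejected with -EINVAL so the caller's uninitialized offset and length are never read. find_header(), copy_callid() and the sample messages are hypothetical stand-ins constructed for illustration; unlike the helper described in the thread, this stand-in can report an empty value, so the length test is kept.

```c
/* Userspace model; find_header() is a hypothetical stand-in for ct_sip_get_header(). */
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 with *off/*len set if "name:" starts a line; 0, both untouched, if absent. */
static int find_header(const char *msg, const char *name, unsigned *off, unsigned *len)
{
    size_t nlen = strlen(name);
    for (const char *line = msg; line && *line;
         line = strchr(line, '\n'), line = line ? line + 1 : NULL) {
        if (strncmp(line, name, nlen) == 0 && line[nlen] == ':') {
            const char *val = line + nlen + 1 + strspn(line + nlen + 1, " ");
            *off = (unsigned)(val - msg);
            *len = (unsigned)strcspn(val, "\r\n");
            return 1;
        }
    }
    return 0;
}

/* Missing header is an error, same as an empty Call-ID: *off/*len are valid only on 0. */
static int get_callid(const char *msg, unsigned *off, unsigned *len)
{
    if (find_header(msg, "Call-ID", off, len) <= 0 || !*len)
        return -EINVAL;
    return 0;
}

/* Caller: off/len are left uninitialized at declaration, as before the patch. */
static int copy_callid(const char *msg, char *out, size_t outsz)
{
    unsigned off, len;
    if (get_callid(msg, &off, &len) || len >= outsz)
        return -EINVAL;
    memcpy(out, msg + off, len);
    out[len] = '\0';
    return (int)len;
}
/* Constructed sample messages: Call-ID present, absent, empty. */
static const char WITH_ID[] = "INVITE sip:a@example.com SIP/2.0\r\nCall-ID: abc123@host\r\n\r\n";
static const char NO_ID[] = "INVITE sip:a@example.com SIP/2.0\r\nCSeq: 1 INVITE\r\n\r\n";
static const char EMPTY_ID[] = "INVITE sip:a@example.com SIP/2.0\r\nCall-ID:\r\n\r\n";
int main(void)
{
    char b[64];
    printf("%d %d\n", copy_callid(WITH_ID, b, sizeof(b)), copy_callid(NO_ID, b, sizeof(b)));
    return 0;
}
```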
