mirror of
https://github.com/freebsd/freebsd-src.git
synced 2024-11-27 13:32:45 +00:00
Fix a problem in the Skinny ALG where a specially crafted packet could cause
a libalias application (e.g. natd, ppp, etc.) to crash. Note: Skinny support is not enabled in natd or ppp by default. Approved by: secteam (nectar) MFC after: 1 day Secuiryt: This fixes a remote DoS exploit
This commit is contained in:
parent
a1d0c3f203
commit
70037e98c4
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=143083
@ -216,11 +216,11 @@ alias_skinny_opnrcvch_ack(struct libalias *la, struct OpenReceiveChannelAck *opn
|
||||
void
|
||||
AliasHandleSkinny(struct libalias *la, struct ip *pip, struct alias_link *lnk)
|
||||
{
|
||||
int hlen, tlen, dlen;
|
||||
size_t hlen, tlen, dlen;
|
||||
struct tcphdr *tc;
|
||||
int32_t msgId, len, t, lip;
|
||||
u_int32_t msgId, t, len, lip;
|
||||
struct skinny_header *sd;
|
||||
int orig_len, skinny_hdr_len = sizeof(struct skinny_header);
|
||||
size_t orig_len, skinny_hdr_len = sizeof(struct skinny_header);
|
||||
ConvDirection direction;
|
||||
|
||||
tc = (struct tcphdr *)ip_next(pip);
|
||||
@ -297,7 +297,7 @@ AliasHandleSkinny(struct libalias *la, struct ip *pip, struct alias_link *lnk)
|
||||
return;
|
||||
}
|
||||
#ifdef DEBUG
|
||||
fprintf(stderr
|
||||
fprintf(stderr,
|
||||
"PacketAlias/Skinny: Received ipport message\n");
|
||||
#endif
|
||||
port_mesg = (struct IpPortMessage *)&sd->msgId;
|
||||
|
@ -216,11 +216,11 @@ alias_skinny_opnrcvch_ack(struct libalias *la, struct OpenReceiveChannelAck *opn
|
||||
void
|
||||
AliasHandleSkinny(struct libalias *la, struct ip *pip, struct alias_link *lnk)
|
||||
{
|
||||
int hlen, tlen, dlen;
|
||||
size_t hlen, tlen, dlen;
|
||||
struct tcphdr *tc;
|
||||
int32_t msgId, len, t, lip;
|
||||
u_int32_t msgId, t, len, lip;
|
||||
struct skinny_header *sd;
|
||||
int orig_len, skinny_hdr_len = sizeof(struct skinny_header);
|
||||
size_t orig_len, skinny_hdr_len = sizeof(struct skinny_header);
|
||||
ConvDirection direction;
|
||||
|
||||
tc = (struct tcphdr *)ip_next(pip);
|
||||
@ -297,7 +297,7 @@ AliasHandleSkinny(struct libalias *la, struct ip *pip, struct alias_link *lnk)
|
||||
return;
|
||||
}
|
||||
#ifdef DEBUG
|
||||
fprintf(stderr
|
||||
fprintf(stderr,
|
||||
"PacketAlias/Skinny: Received ipport message\n");
|
||||
#endif
|
||||
port_mesg = (struct IpPortMessage *)&sd->msgId;
|
||||
|
Loading…
Reference in New Issue
Block a user