Re: [PATCH] netfilter: nf_conntrack_ftp: prevent integer overflows in get_port()

From: Changli Gao
Date: Sat May 21 2011 - 11:35:55 EST


On Thu, May 5, 2011 at 6:31 AM, Mansour Moufid <mansourmoufid@xxxxxxxxx> wrote:
> From: Mansour Moufid <mansourmoufid@xxxxxxxxx>
>
> This patch prevents potential integer overflows from occurring in the
> port number parsing function `get_port', in the file
> net/netfilter/nf_conntrack_ftp.c; related constants are defined in
> include/linux/kernel.h. This applies to stable version 2.6.38.5.
>
> The concern is a firewall could be made to open an otherwise closed
> port. For example, get_port("65558?", 0, 6, '?', foo) currently
> returns 22 in *foo.
>

It isn't a serious problem. If an attacker can control the contents,
he can just give a valid port 22 instead of utilizing this integer
overflow.

--
Regards,
Changli Gao(xiaosuo@xxxxxxxxx)
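
The arithmetic behind the quoted `get_port("65558?", ...)` example, as an added illustration that is not part of this thread, the patch, or the kernel source: a simplified user-space model of digit accumulation in a 16-bit variable, next to a range-checked variant. The function names `parse_port_wrapping` and `parse_port_checked` and their signatures are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of the pattern under discussion, not the kernel source:
 * digits accumulate in a 16-bit variable, so values above 65535 wrap
 * modulo 65536. Returns the parsed port, or -1 if no port was parsed. */
static int parse_port_wrapping(const char *data, char delim)
{
    uint16_t tmp = 0;

    for (size_t i = 0; i < strlen(data); i++) {
        if (data[i] >= '0' && data[i] <= '9')
            tmp = (uint16_t)(tmp * 10 + (data[i] - '0')); /* wraps silently */
        else if (data[i] == delim && tmp != 0)
            return tmp;
        else
            break;
    }
    return -1;
}

/* Range-checked variant (hypothetical): accumulate in a wider type and
 * reject the input as soon as the value leaves the valid port range. */
static int parse_port_checked(const char *data, char delim)
{
    uint32_t tmp = 0;

    for (size_t i = 0; i < strlen(data); i++) {
        if (data[i] >= '0' && data[i] <= '9') {
            tmp = tmp * 10 + (uint32_t)(data[i] - '0');
            if (tmp > UINT16_MAX)
                return -1;
        } else if (data[i] == delim && tmp != 0) {
            return (int)tmp;
        } else {
            break;
        }
    }
    return -1;
}

int main(void)
{
    /* Constructed input: the "65558?" string quoted in the thread. */
    printf("wrapping: %d\n", parse_port_wrapping("65558?", '?'));
    printf("checked:  %d\n", parse_port_checked("65558?", '?'));
    return 0;
}
```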