aboutsummaryrefslogtreecommitdiffstats
path: root/net/netfilter
diff options
context:
space:
mode:
Diffstat (limited to 'net/netfilter')
-rw-r--r--net/netfilter/ipvs/ip_vs_app.c2
-rw-r--r--net/netfilter/ipvs/ip_vs_conn.c4
-rw-r--r--net/netfilter/ipvs/ip_vs_ctl.c6
-rw-r--r--net/netfilter/nf_conntrack_sip.c16
4 files changed, 18 insertions, 10 deletions
diff --git a/net/netfilter/ipvs/ip_vs_app.c b/net/netfilter/ipvs/ip_vs_app.c
index 51f3af7c4743..059af3120be7 100644
--- a/net/netfilter/ipvs/ip_vs_app.c
+++ b/net/netfilter/ipvs/ip_vs_app.c
@@ -572,7 +572,7 @@ static const struct file_operations ip_vs_app_fops = {
572 .open = ip_vs_app_open, 572 .open = ip_vs_app_open,
573 .read = seq_read, 573 .read = seq_read,
574 .llseek = seq_lseek, 574 .llseek = seq_lseek,
575 .release = seq_release, 575 .release = seq_release_net,
576}; 576};
577#endif 577#endif
578 578
diff --git a/net/netfilter/ipvs/ip_vs_conn.c b/net/netfilter/ipvs/ip_vs_conn.c
index d3fd91bbba49..bf28ac2fc99b 100644
--- a/net/netfilter/ipvs/ip_vs_conn.c
+++ b/net/netfilter/ipvs/ip_vs_conn.c
@@ -1046,7 +1046,7 @@ static const struct file_operations ip_vs_conn_fops = {
1046 .open = ip_vs_conn_open, 1046 .open = ip_vs_conn_open,
1047 .read = seq_read, 1047 .read = seq_read,
1048 .llseek = seq_lseek, 1048 .llseek = seq_lseek,
1049 .release = seq_release, 1049 .release = seq_release_net,
1050}; 1050};
1051 1051
1052static const char *ip_vs_origin_name(unsigned flags) 1052static const char *ip_vs_origin_name(unsigned flags)
@@ -1114,7 +1114,7 @@ static const struct file_operations ip_vs_conn_sync_fops = {
1114 .open = ip_vs_conn_sync_open, 1114 .open = ip_vs_conn_sync_open,
1115 .read = seq_read, 1115 .read = seq_read,
1116 .llseek = seq_lseek, 1116 .llseek = seq_lseek,
1117 .release = seq_release, 1117 .release = seq_release_net,
1118}; 1118};
1119 1119
1120#endif 1120#endif
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index 89842f06931d..699c79a55657 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -2066,7 +2066,7 @@ static const struct file_operations ip_vs_info_fops = {
2066 .open = ip_vs_info_open, 2066 .open = ip_vs_info_open,
2067 .read = seq_read, 2067 .read = seq_read,
2068 .llseek = seq_lseek, 2068 .llseek = seq_lseek,
2069 .release = seq_release_private, 2069 .release = seq_release_net,
2070}; 2070};
2071 2071
2072static int ip_vs_stats_show(struct seq_file *seq, void *v) 2072static int ip_vs_stats_show(struct seq_file *seq, void *v)
@@ -2106,7 +2106,7 @@ static const struct file_operations ip_vs_stats_fops = {
2106 .open = ip_vs_stats_seq_open, 2106 .open = ip_vs_stats_seq_open,
2107 .read = seq_read, 2107 .read = seq_read,
2108 .llseek = seq_lseek, 2108 .llseek = seq_lseek,
2109 .release = single_release, 2109 .release = single_release_net,
2110}; 2110};
2111 2111
2112static int ip_vs_stats_percpu_show(struct seq_file *seq, void *v) 2112static int ip_vs_stats_percpu_show(struct seq_file *seq, void *v)
@@ -2175,7 +2175,7 @@ static const struct file_operations ip_vs_stats_percpu_fops = {
2175 .open = ip_vs_stats_percpu_seq_open, 2175 .open = ip_vs_stats_percpu_seq_open,
2176 .read = seq_read, 2176 .read = seq_read,
2177 .llseek = seq_lseek, 2177 .llseek = seq_lseek,
2178 .release = single_release, 2178 .release = single_release_net,
2179}; 2179};
2180#endif 2180#endif
2181 2181
diff --git a/net/netfilter/nf_conntrack_sip.c b/net/netfilter/nf_conntrack_sip.c
index 237cc1981b89..cb5a28581782 100644
--- a/net/netfilter/nf_conntrack_sip.c
+++ b/net/netfilter/nf_conntrack_sip.c
@@ -1419,6 +1419,7 @@ static int sip_help_tcp(struct sk_buff *skb, unsigned int protoff,
1419 const char *dptr, *end; 1419 const char *dptr, *end;
1420 s16 diff, tdiff = 0; 1420 s16 diff, tdiff = 0;
1421 int ret = NF_ACCEPT; 1421 int ret = NF_ACCEPT;
1422 bool term;
1422 typeof(nf_nat_sip_seq_adjust_hook) nf_nat_sip_seq_adjust; 1423 typeof(nf_nat_sip_seq_adjust_hook) nf_nat_sip_seq_adjust;
1423 1424
1424 if (ctinfo != IP_CT_ESTABLISHED && 1425 if (ctinfo != IP_CT_ESTABLISHED &&
@@ -1453,14 +1454,21 @@ static int sip_help_tcp(struct sk_buff *skb, unsigned int protoff,
1453 if (dptr + matchoff == end) 1454 if (dptr + matchoff == end)
1454 break; 1455 break;
1455 1456
1456 if (end + strlen("\r\n\r\n") > dptr + datalen) 1457 term = false;
1457 break; 1458 for (; end + strlen("\r\n\r\n") <= dptr + datalen; end++) {
1458 if (end[0] != '\r' || end[1] != '\n' || 1459 if (end[0] == '\r' && end[1] == '\n' &&
1459 end[2] != '\r' || end[3] != '\n') 1460 end[2] == '\r' && end[3] == '\n') {
1461 term = true;
1462 break;
1463 }
1464 }
1465 if (!term)
1460 break; 1466 break;
1461 end += strlen("\r\n\r\n") + clen; 1467 end += strlen("\r\n\r\n") + clen;
1462 1468
1463 msglen = origlen = end - dptr; 1469 msglen = origlen = end - dptr;
1470 if (msglen > datalen)
1471 return NF_DROP;
1464 1472
1465 ret = process_sip_msg(skb, ct, dataoff, &dptr, &msglen); 1473 ret = process_sip_msg(skb, ct, dataoff, &dptr, &msglen);
1466 if (ret != NF_ACCEPT) 1474 if (ret != NF_ACCEPT)