diff options
Diffstat (limited to 'net/netfilter')
-rw-r--r-- | net/netfilter/ipvs/ip_vs_app.c | 2 | ||||
-rw-r--r-- | net/netfilter/ipvs/ip_vs_conn.c | 4 | ||||
-rw-r--r-- | net/netfilter/ipvs/ip_vs_ctl.c | 6 | ||||
-rw-r--r-- | net/netfilter/nf_conntrack_sip.c | 16 |
4 files changed, 18 insertions, 10 deletions
diff --git a/net/netfilter/ipvs/ip_vs_app.c b/net/netfilter/ipvs/ip_vs_app.c index 51f3af7c4743..059af3120be7 100644 --- a/net/netfilter/ipvs/ip_vs_app.c +++ b/net/netfilter/ipvs/ip_vs_app.c | |||
@@ -572,7 +572,7 @@ static const struct file_operations ip_vs_app_fops = { | |||
572 | .open = ip_vs_app_open, | 572 | .open = ip_vs_app_open, |
573 | .read = seq_read, | 573 | .read = seq_read, |
574 | .llseek = seq_lseek, | 574 | .llseek = seq_lseek, |
575 | .release = seq_release, | 575 | .release = seq_release_net, |
576 | }; | 576 | }; |
577 | #endif | 577 | #endif |
578 | 578 | ||
diff --git a/net/netfilter/ipvs/ip_vs_conn.c b/net/netfilter/ipvs/ip_vs_conn.c index d3fd91bbba49..bf28ac2fc99b 100644 --- a/net/netfilter/ipvs/ip_vs_conn.c +++ b/net/netfilter/ipvs/ip_vs_conn.c | |||
@@ -1046,7 +1046,7 @@ static const struct file_operations ip_vs_conn_fops = { | |||
1046 | .open = ip_vs_conn_open, | 1046 | .open = ip_vs_conn_open, |
1047 | .read = seq_read, | 1047 | .read = seq_read, |
1048 | .llseek = seq_lseek, | 1048 | .llseek = seq_lseek, |
1049 | .release = seq_release, | 1049 | .release = seq_release_net, |
1050 | }; | 1050 | }; |
1051 | 1051 | ||
1052 | static const char *ip_vs_origin_name(unsigned flags) | 1052 | static const char *ip_vs_origin_name(unsigned flags) |
@@ -1114,7 +1114,7 @@ static const struct file_operations ip_vs_conn_sync_fops = { | |||
1114 | .open = ip_vs_conn_sync_open, | 1114 | .open = ip_vs_conn_sync_open, |
1115 | .read = seq_read, | 1115 | .read = seq_read, |
1116 | .llseek = seq_lseek, | 1116 | .llseek = seq_lseek, |
1117 | .release = seq_release, | 1117 | .release = seq_release_net, |
1118 | }; | 1118 | }; |
1119 | 1119 | ||
1120 | #endif | 1120 | #endif |
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c index 89842f06931d..699c79a55657 100644 --- a/net/netfilter/ipvs/ip_vs_ctl.c +++ b/net/netfilter/ipvs/ip_vs_ctl.c | |||
@@ -2066,7 +2066,7 @@ static const struct file_operations ip_vs_info_fops = { | |||
2066 | .open = ip_vs_info_open, | 2066 | .open = ip_vs_info_open, |
2067 | .read = seq_read, | 2067 | .read = seq_read, |
2068 | .llseek = seq_lseek, | 2068 | .llseek = seq_lseek, |
2069 | .release = seq_release_private, | 2069 | .release = seq_release_net, |
2070 | }; | 2070 | }; |
2071 | 2071 | ||
2072 | static int ip_vs_stats_show(struct seq_file *seq, void *v) | 2072 | static int ip_vs_stats_show(struct seq_file *seq, void *v) |
@@ -2106,7 +2106,7 @@ static const struct file_operations ip_vs_stats_fops = { | |||
2106 | .open = ip_vs_stats_seq_open, | 2106 | .open = ip_vs_stats_seq_open, |
2107 | .read = seq_read, | 2107 | .read = seq_read, |
2108 | .llseek = seq_lseek, | 2108 | .llseek = seq_lseek, |
2109 | .release = single_release, | 2109 | .release = single_release_net, |
2110 | }; | 2110 | }; |
2111 | 2111 | ||
2112 | static int ip_vs_stats_percpu_show(struct seq_file *seq, void *v) | 2112 | static int ip_vs_stats_percpu_show(struct seq_file *seq, void *v) |
@@ -2175,7 +2175,7 @@ static const struct file_operations ip_vs_stats_percpu_fops = { | |||
2175 | .open = ip_vs_stats_percpu_seq_open, | 2175 | .open = ip_vs_stats_percpu_seq_open, |
2176 | .read = seq_read, | 2176 | .read = seq_read, |
2177 | .llseek = seq_lseek, | 2177 | .llseek = seq_lseek, |
2178 | .release = single_release, | 2178 | .release = single_release_net, |
2179 | }; | 2179 | }; |
2180 | #endif | 2180 | #endif |
2181 | 2181 | ||
diff --git a/net/netfilter/nf_conntrack_sip.c b/net/netfilter/nf_conntrack_sip.c index 237cc1981b89..cb5a28581782 100644 --- a/net/netfilter/nf_conntrack_sip.c +++ b/net/netfilter/nf_conntrack_sip.c | |||
@@ -1419,6 +1419,7 @@ static int sip_help_tcp(struct sk_buff *skb, unsigned int protoff, | |||
1419 | const char *dptr, *end; | 1419 | const char *dptr, *end; |
1420 | s16 diff, tdiff = 0; | 1420 | s16 diff, tdiff = 0; |
1421 | int ret = NF_ACCEPT; | 1421 | int ret = NF_ACCEPT; |
1422 | bool term; | ||
1422 | typeof(nf_nat_sip_seq_adjust_hook) nf_nat_sip_seq_adjust; | 1423 | typeof(nf_nat_sip_seq_adjust_hook) nf_nat_sip_seq_adjust; |
1423 | 1424 | ||
1424 | if (ctinfo != IP_CT_ESTABLISHED && | 1425 | if (ctinfo != IP_CT_ESTABLISHED && |
@@ -1453,14 +1454,21 @@ static int sip_help_tcp(struct sk_buff *skb, unsigned int protoff, | |||
1453 | if (dptr + matchoff == end) | 1454 | if (dptr + matchoff == end) |
1454 | break; | 1455 | break; |
1455 | 1456 | ||
1456 | if (end + strlen("\r\n\r\n") > dptr + datalen) | 1457 | term = false; |
1457 | break; | 1458 | for (; end + strlen("\r\n\r\n") <= dptr + datalen; end++) { |
1458 | if (end[0] != '\r' || end[1] != '\n' || | 1459 | if (end[0] == '\r' && end[1] == '\n' && |
1459 | end[2] != '\r' || end[3] != '\n') | 1460 | end[2] == '\r' && end[3] == '\n') { |
1461 | term = true; | ||
1462 | break; | ||
1463 | } | ||
1464 | } | ||
1465 | if (!term) | ||
1460 | break; | 1466 | break; |
1461 | end += strlen("\r\n\r\n") + clen; | 1467 | end += strlen("\r\n\r\n") + clen; |
1462 | 1468 | ||
1463 | msglen = origlen = end - dptr; | 1469 | msglen = origlen = end - dptr; |
1470 | if (msglen > datalen) | ||
1471 | return NF_DROP; | ||
1464 | 1472 | ||
1465 | ret = process_sip_msg(skb, ct, dataoff, &dptr, &msglen); | 1473 | ret = process_sip_msg(skb, ct, dataoff, &dptr, &msglen); |
1466 | if (ret != NF_ACCEPT) | 1474 | if (ret != NF_ACCEPT) |