[NETFILTER]: PPTP conntrack: check call ID before changing state

For rejected calls the state is set to PPTP_CALL_NONE even for non-matching call ids. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Patrick McHardy <kaber@trash.net> 2006-09-20 15:10:37 -0400
committer: David S. Miller <davem@sunset.davemloft.net> 2006-09-22 18:20:17 -0400
commit: 750a58423309b56751076329e9edf61b93213e0f (patch)
tree: 8b57331ec4cec74b148a8189c265c167d1037001
parent: 87a0117afdfe64473a6c802501bc15aee145ebb8 (diff)
1 files changed, 13 insertions, 19 deletions
diff --git a/net/ipv4/netfilter/ip_conntrack_helper_pptp.c b/net/ipv4/netfilter/ip_conntrack_helper_pptp.c
index 7b6d5aaca4da..5cb6b61cd171 100644
--- a/net/ipv4/netfilter/ip_conntrack_helper_pptp.c
+++ b/net/ipv4/netfilter/ip_conntrack_helper_pptp.c
@@ -335,25 +335,19 @@ pptp_inbound_pkt(struct sk_buff **pskb,
                    info->cstate != PPTP_CALL_OUT_CONF)
                        goto invalid;
-                if (pptpReq->ocack.resultCode != PPTP_OUTCALL_CONNECT) {
-                        info->cstate = PPTP_CALL_NONE;
-                        break;
-                }
                cid = pptpReq->ocack.callID;
                pcid = pptpReq->ocack.peersCallID;
-                info->pac_call_id = cid;
                if (info->pns_call_id != pcid)
                        goto invalid;
                DEBUGP("%s, CID=%X, PCID=%X\n", pptp_msg_name[msg],
                        ntohs(cid), ntohs(pcid));
-                info->cstate = PPTP_CALL_OUT_CONF;
+                if (pptpReq->ocack.resultCode == PPTP_OUTCALL_CONNECT) {
+                        info->cstate = PPTP_CALL_OUT_CONF;
-                exp_gre(ct, cid, pcid);
+                        info->pac_call_id = cid;
+                        exp_gre(ct, cid, pcid);
+                } else
+                        info->cstate = PPTP_CALL_NONE;
                break;
        case PPTP_IN_CALL_REQUEST:
@@ -464,17 +458,17 @@ pptp_outbound_pkt(struct sk_buff **pskb,
                    info->cstate != PPTP_CALL_IN_REP)
                        goto invalid;
-                if (pptpReq->icack.resultCode != PPTP_INCALL_ACCEPT) {
-                        info->cstate = PPTP_CALL_NONE;
-                        break;
-                }
                pcid = pptpReq->icack.peersCallID;
                if (info->pac_call_id != pcid)
                        goto invalid;
                DEBUGP("%s, CID=%X\n", pptp_msg_name[msg], ntohs(pcid));
-                /* part two of the three-way handshake */
-                info->cstate = PPTP_CALL_IN_REP;
+                if (pptpReq->icack.resultCode == PPTP_INCALL_ACCEPT) {
-                info->pns_call_id = pcid;
+                        /* part two of the three-way handshake */
+                        info->cstate = PPTP_CALL_IN_REP;
+                        info->pns_call_id = pcid;
+                } else
+                        info->cstate = PPTP_CALL_NONE;
                break;
        case PPTP_CALL_CLEAR_REQUEST:
author	Patrick McHardy <kaber@trash.net>	2006-09-20 15:10:37 -0400
committer	David S. Miller <davem@sunset.davemloft.net>	2006-09-22 18:20:17 -0400
commit	750a58423309b56751076329e9edf61b93213e0f (patch)
tree	8b57331ec4cec74b148a8189c265c167d1037001
parent	87a0117afdfe64473a6c802501bc15aee145ebb8 (diff)

diff --git a/net/ipv4/netfilter/ip_conntrack_helper_pptp.c b/net/ipv4/netfilter/ip_conntrack_helper_pptp.c index 7b6d5aaca4da..5cb6b61cd171 100644 --- a/net/ipv4/netfilter/ip_conntrack_helper_pptp.c +++ b/net/ipv4/netfilter/ip_conntrack_helper_pptp.c
@@ -335,25 +335,19 @@ pptp_inbound_pkt(struct sk_buff **pskb,
335	info->cstate != PPTP_CALL_OUT_CONF)	335	info->cstate != PPTP_CALL_OUT_CONF)
336	goto invalid;	336	goto invalid;
337		337
338	if (pptpReq->ocack.resultCode != PPTP_OUTCALL_CONNECT) {
339	info->cstate = PPTP_CALL_NONE;
340	break;
341	}
342
343	cid = pptpReq->ocack.callID;	338	cid = pptpReq->ocack.callID;
344	pcid = pptpReq->ocack.peersCallID;	339	pcid = pptpReq->ocack.peersCallID;
345
346	info->pac_call_id = cid;
347
348	if (info->pns_call_id != pcid)	340	if (info->pns_call_id != pcid)
349	goto invalid;	341	goto invalid;
350
351	DEBUGP("%s, CID=%X, PCID=%X\n", pptp_msg_name[msg],	342	DEBUGP("%s, CID=%X, PCID=%X\n", pptp_msg_name[msg],
352	ntohs(cid), ntohs(pcid));	343	ntohs(cid), ntohs(pcid));
353		344
354	info->cstate = PPTP_CALL_OUT_CONF;	345	if (pptpReq->ocack.resultCode == PPTP_OUTCALL_CONNECT) {
355		346	info->cstate = PPTP_CALL_OUT_CONF;
356	exp_gre(ct, cid, pcid);	347	info->pac_call_id = cid;
		348	exp_gre(ct, cid, pcid);
		349	} else
		350	info->cstate = PPTP_CALL_NONE;
357	break;	351	break;
358		352
359	case PPTP_IN_CALL_REQUEST:	353	case PPTP_IN_CALL_REQUEST:
@@ -464,17 +458,17 @@ pptp_outbound_pkt(struct sk_buff **pskb,
464	info->cstate != PPTP_CALL_IN_REP)	458	info->cstate != PPTP_CALL_IN_REP)
465	goto invalid;	459	goto invalid;
466		460
467	if (pptpReq->icack.resultCode != PPTP_INCALL_ACCEPT) {
468	info->cstate = PPTP_CALL_NONE;
469	break;
470	}
471	pcid = pptpReq->icack.peersCallID;	461	pcid = pptpReq->icack.peersCallID;
472	if (info->pac_call_id != pcid)	462	if (info->pac_call_id != pcid)
473	goto invalid;	463	goto invalid;
474	DEBUGP("%s, CID=%X\n", pptp_msg_name[msg], ntohs(pcid));	464	DEBUGP("%s, CID=%X\n", pptp_msg_name[msg], ntohs(pcid));
475	/* part two of the three-way handshake */	465
476	info->cstate = PPTP_CALL_IN_REP;	466	if (pptpReq->icack.resultCode == PPTP_INCALL_ACCEPT) {
477	info->pns_call_id = pcid;	467	/* part two of the three-way handshake */
		468	info->cstate = PPTP_CALL_IN_REP;
		469	info->pns_call_id = pcid;
		470	} else
		471	info->cstate = PPTP_CALL_NONE;
478	break;	472	break;
479		473
480	case PPTP_CALL_CLEAR_REQUEST:	474	case PPTP_CALL_CLEAR_REQUEST: