1
linux/net/netfilter
Patrick McHardy 99d24edeb6 [NETFILTER]: {ip, nf}_conntrack_sctp: fix remotely triggerable NULL ptr dereference (CVE-2007-2876)
When creating a new connection by sending an unknown chunk type, we
don't transition to a valid state, causing a NULL pointer dereference
in sctp_packet when accessing sctp_timeouts[SCTP_CONNTRACK_NONE].

Fix by don't creating new conntrack entry if initial state is invalid.

Noticed by Vilmos Nebehaj <vilmos.nebehaj@ramsys.hu>

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-10 23:24:52 -07:00
..
core.c [NETFILTER]: add some consts, remove some casts 2007-07-10 22:17:01 -07:00
Kconfig [NETFILTER]: x_tables: add TRACE target 2007-07-10 22:17:14 -07:00
Makefile [NETFILTER]: nf_conntrack: introduce extension infrastructure 2007-07-10 22:17:17 -07:00
nf_conntrack_amanda.c [NETFILTER]: nf_conntrack: reduce masks to a subset of tuples 2007-07-10 22:17:55 -07:00
nf_conntrack_core.c [NETFILTER]: Convert DEBUGP to pr_debug 2007-07-10 22:18:20 -07:00
nf_conntrack_ecache.c [NETFILTER]: nf_conntrack_expect: function naming unification 2007-07-10 22:17:53 -07:00
nf_conntrack_expect.c [NET]: Make all initialized struct seq_operations const. 2007-07-10 23:07:31 -07:00
nf_conntrack_extend.c [NETFILTER]: nf_conntrack: introduce extension infrastructure 2007-07-10 22:17:17 -07:00
nf_conntrack_ftp.c [NETFILTER]: Convert DEBUGP to pr_debug 2007-07-10 22:18:20 -07:00
nf_conntrack_h323_asn1.c [NETFILTER]: nf_conntrack_h323: check range first in sequence extension 2007-07-10 22:16:54 -07:00
nf_conntrack_h323_main.c [NETFILTER]: Convert DEBUGP to pr_debug 2007-07-10 22:18:20 -07:00
nf_conntrack_h323_types.c [NETFILTER]: nf_conntrack_h323: fix ASN.1 types 2007-05-24 16:42:26 -07:00
nf_conntrack_helper.c [NETFILTER]: nf_conntrack_helper: use hashtable for conntrack helpers 2007-07-10 22:18:13 -07:00
nf_conntrack_irc.c [NETFILTER]: Convert DEBUGP to pr_debug 2007-07-10 22:18:20 -07:00
nf_conntrack_l3proto_generic.c [NETFILTER]: Convert DEBUGP to pr_debug 2007-07-10 22:18:20 -07:00
nf_conntrack_netbios_ns.c [NETFILTER]: nf_conntrack: reduce masks to a subset of tuples 2007-07-10 22:17:55 -07:00
nf_conntrack_netlink.c [NETFILTER]: nf_conntrack_expect: maintain per conntrack expectation list 2007-07-10 22:18:02 -07:00
nf_conntrack_pptp.c [NETFILTER]: Convert DEBUGP to pr_debug 2007-07-10 22:18:20 -07:00
nf_conntrack_proto_generic.c [NETFILTER]: Remove changelogs and CVS IDs 2007-04-25 22:27:35 -07:00
nf_conntrack_proto_gre.c [NETFILTER]: Convert DEBUGP to pr_debug 2007-07-10 22:18:20 -07:00
nf_conntrack_proto_sctp.c [NETFILTER]: {ip, nf}_conntrack_sctp: fix remotely triggerable NULL ptr dereference (CVE-2007-2876) 2007-07-10 23:24:52 -07:00
nf_conntrack_proto_tcp.c [NETFILTER]: Convert DEBUGP to pr_debug 2007-07-10 22:18:20 -07:00
nf_conntrack_proto_udp.c [NETFILTER]: Remove changelogs and CVS IDs 2007-04-25 22:27:35 -07:00
nf_conntrack_proto.c [NETLINK]: Possible cleanups. 2007-04-26 00:57:41 -07:00
nf_conntrack_sane.c [NETFILTER]: Convert DEBUGP to pr_debug 2007-07-10 22:18:20 -07:00
nf_conntrack_sip.c [NETFILTER]: Convert DEBUGP to pr_debug 2007-07-10 22:18:20 -07:00
nf_conntrack_standalone.c [NET]: Make all initialized struct seq_operations const. 2007-07-10 23:07:31 -07:00
nf_conntrack_tftp.c [NETFILTER]: Convert DEBUGP to pr_debug 2007-07-10 22:18:20 -07:00
nf_internals.h [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
nf_log.c [NET]: Make all initialized struct seq_operations const. 2007-07-10 23:07:31 -07:00
nf_queue.c [NET]: Make all initialized struct seq_operations const. 2007-07-10 23:07:31 -07:00
nf_sockopt.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
nf_sysctl.c [PATCH] sysctl: remove insert_at_head from register_sysctl 2007-02-14 08:09:59 -08:00
nfnetlink_log.c [NET]: Make all initialized struct seq_operations const. 2007-07-10 23:07:31 -07:00
nfnetlink_queue.c [NET]: Make all initialized struct seq_operations const. 2007-07-10 23:07:31 -07:00
nfnetlink.c [NETLINK]: Switch cb_lock spinlock to mutex and allow to override it 2007-04-25 22:29:03 -07:00
x_tables.c [NET]: Make all initialized struct seq_operations const. 2007-07-10 23:07:31 -07:00
xt_CLASSIFY.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
xt_comment.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
xt_connbytes.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
xt_connmark.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
xt_CONNMARK.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
xt_CONNSECMARK.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
xt_conntrack.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
xt_dccp.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
xt_dscp.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
xt_DSCP.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
xt_esp.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
xt_hashlimit.c [NET]: Make all initialized struct seq_operations const. 2007-07-10 23:07:31 -07:00
xt_helper.c [NETFILTER]: xt_helper: use RCU 2007-07-10 22:18:19 -07:00
xt_length.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
xt_limit.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
xt_mac.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
xt_mark.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
xt_MARK.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
xt_multiport.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
xt_NFLOG.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
xt_NFQUEUE.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
xt_NOTRACK.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
xt_physdev.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
xt_pkttype.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
xt_policy.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
xt_quota.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
xt_realm.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
xt_sctp.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
xt_SECMARK.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
xt_state.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
xt_statistic.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
xt_string.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
xt_tcpmss.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
xt_TCPMSS.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
xt_tcpudp.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
xt_TRACE.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
xt_u32.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00