If the CTCP message is shorter than 10 + 21 + MINMATCHLEN
then exit early and don't parse the rest of the message.
Signed-off-by: Sohom <[email protected]>
---
net/netfilter/nf_conntrack_irc.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/net/netfilter/nf_conntrack_irc.c b/net/netfilter/nf_conntrack_irc.c
index 5703846bea3b..703b5a123cb5 100644
--- a/net/netfilter/nf_conntrack_irc.c
+++ b/net/netfilter/nf_conntrack_irc.c
@@ -157,8 +157,12 @@ static int help(struct sk_buff *skb, unsigned int protoff,
data = ib_ptr;
data_limit = ib_ptr + datalen;
+ if (data >= data_limit - (10 + 21 + MINMATCHLEN)) {
+ goto out;
+ }
+
/* Skip any whitespace */
- while (data < data_limit - 10) {
+ while (data < data_limit) {
if (*data == ' ' || *data == '\r' || *data == '\n')
data++;
else
--
2.41.0
Sohom <[email protected]> wrote:
> If the CTCP message is shorter than 10 + 21 + MINMATCHLEN
> then exit early and don't parse the rest of the message.
Please send a v2 explaining why, not what.
> + if (data >= data_limit - (10 + 21 + MINMATCHLEN)) {
> + goto out;
> + }
Please run your patches through scripts/checkpatch.pl,
we don't use { } for single-line conditional bodies.
> /* Skip any whitespace */
> - while (data < data_limit - 10) {
> + while (data < data_limit) {
Why this change?