From: Changli Gao
Date: Sat, 21 May 2011 23:31:05 +0800
Subject: Re: [PATCH] netfilter: nf_conntrack_ftp: prevent integer overflows in get_port()
To: Mansour Moufid
Cc: kaber@trash.net, netfilter-devel@vger.kernel.org, linux-kernel@vger.kernel.org

On Thu, May 5, 2011 at 6:31 AM, Mansour Moufid wrote:
> From: Mansour Moufid
>
> This patch prevents potential integer overflows from occurring in the
> port number parsing function `get_port', in the file
> net/netfilter/nf_conntrack_ftp.c; related constants are defined in
> include/linux/kernel.h. This applies to stable version 2.6.38.5.
>
> The concern is a firewall could be made to open an otherwise closed
> port. For example, get_port("65558?", 0, 6, '?', foo) currently
> returns 22 in *foo.
>

It isn't a serious problem. If an attacker can control the contents,
he can just give a valid port 22 instead of utilizing this integer
overflow.

--
Regards,
Changli Gao(xiaosuo@gmail.com)
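
The wrap-around cited in the quoted patch description (get_port("65558?", 0, 6, '?', foo) yielding 22), shown as an added example that is not part of this thread, the kernel source, or the proposed patch. It is a simplified user-space C model: the names port_wrapping and port_checked are hypothetical, and the port is kept in host byte order.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified user-space model, not the kernel function: digits are
 * accumulated in a 16-bit variable, so values above 65535 wrap. */
static int port_wrapping(const char *data, int start, size_t dlen,
                         char delim, uint16_t *port)
{
    uint16_t tmp = 0;
    for (size_t i = (size_t)start; i < dlen; i++) {
        if (data[i] == delim) {
            if (tmp == 0) return 0;
            *port = tmp;
            return (int)i + 1;      /* characters consumed */
        }
        if (data[i] < '0' || data[i] > '9') return 0;
        tmp = (uint16_t)(tmp * 10 + (data[i] - '0')); /* mod 65536 */
    }
    return 0;
}

/* Checked variant: wider accumulator, reject as soon as the value
 * exceeds the largest valid port. */
static int port_checked(const char *data, int start, size_t dlen,
                        char delim, uint16_t *port)
{
    uint32_t tmp = 0;
    for (size_t i = (size_t)start; i < dlen; i++) {
        if (data[i] == delim) {
            if (tmp == 0) return 0;
            *port = (uint16_t)tmp;
            return (int)i + 1;
        }
        if (data[i] < '0' || data[i] > '9') return 0;
        tmp = tmp * 10 + (uint32_t)(data[i] - '0');
        if (tmp > UINT16_MAX) return 0;   /* out of range: refuse */
    }
    return 0;
}

int main(void)
{
    uint16_t a = 0, b = 0;
    int ra = port_wrapping("65558?", 0, 6, '?', &a); /* input from the quoted message */
    int rb = port_checked("65558?", 0, 6, '?', &b);
    printf("wrapping: ret=%d port=%u\n", ra, (unsigned)a);
    printf("checked:  ret=%d port=%u\n", rb, (unsigned)b);
    return 0;
}
```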