diff options
author | Patrick McHardy <kaber@trash.net> | 2006-01-10 01:43:43 +0100 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2006-01-10 21:54:30 +0100 |
commit | 15db34702cfafd24acc60295cf14861e497502ab (patch) | |
tree | 541d18bb0b8e1d915ca258d16ea79df730b8f0b7 | |
parent | [NETFILTER]: net/ipv[46]/netfilter.c cleanups (diff) | |
download | linux-15db34702cfafd24acc60295cf14861e497502ab.tar.xz linux-15db34702cfafd24acc60295cf14861e497502ab.zip |
[NETFILTER]: Fix crash in ip_nat_pptp
When an inbound PPTP_IN_CALL_REQUEST packet is received the
PPTP NAT helper uses a NULL pointer in pointer arithmentic to
calculate the offset in the packet which needs to be mangled
and corrupts random memory or crashes.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/ipv4/netfilter/ip_nat_helper_pptp.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/ipv4/netfilter/ip_nat_helper_pptp.c b/net/ipv4/netfilter/ip_nat_helper_pptp.c index e546203f5662..8ad7b36e242d 100644 --- a/net/ipv4/netfilter/ip_nat_helper_pptp.c +++ b/net/ipv4/netfilter/ip_nat_helper_pptp.c @@ -315,7 +315,7 @@ pptp_inbound_pkt(struct sk_buff **pskb, break; case PPTP_IN_CALL_REQUEST: /* only need to nat in case PAC is behind NAT box */ - break; + return NF_ACCEPT; case PPTP_WAN_ERROR_NOTIFY: pcid = &pptpReq->wanerr.peersCallID; break; |