
netfilter: remove BUG_ON() after skb_header_pointer()

Several conntrack helpers and the TCP tracker assume that
skb_header_pointer() never fails based on upfront header validation.
Even if this should not ever happen, BUG_ON() is too drastic a measure,
so remove these checks.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

+21 -7
+4 -1
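--- a/net/netfilter/nf_conntrack_ftp.c
+++ b/net/netfilter/nf_conntrack_ftp.c
@@ -413,7 +413,10 @@
 
 spin_lock_bh(&nf_ftp_lock);
 fb_ptr = skb_header_pointer(skb, dataoff, datalen, ftp_buffer);
-BUG_ON(fb_ptr == NULL);
+if (!fb_ptr) {
+spin_unlock_bh(&nf_ftp_lock);
+return NF_ACCEPT;
+}
 
 ends_in_nl = (fb_ptr[datalen - 1] == '\n');
 seq = ntohl(th->seq) + datalen;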
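Review bot: The new `if (!fb_ptr)` branch fails open without leaving a trace: the packet is accepted with helper parsing skipped, and nothing records that the case the commit message calls "should not ever happen" did happen. A comment on the branch would state the intent, for example `/* header validated upfront; if the copy still fails, skip helper parsing and accept */`. If the function has a shared unlock-and-return label outside the hunk, jumping to it would avoid repeating `spin_unlock_bh(&nf_ftp_lock)` on a second exit path. The same applies to the lock-held early returns in the nf_conntrack_irc.c and nf_conntrack_sane.c sections. The enclosing function starts and ends outside the hunk.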
+2 -1
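--- a/net/netfilter/nf_conntrack_h323_main.c
+++ b/net/netfilter/nf_conntrack_h323_main.c
@@ -146,7 +146,8 @@
 /* Get first TPKT pointer */
 tpkt = skb_header_pointer(skb, tcpdataoff, tcpdatalen,
 h323_buffer);
-BUG_ON(tpkt == NULL);
+if (!tpkt)
+goto clear_out;
 
 /* Validate TPKT identifier */
 if (tcpdatalen < 4 || tpkt[0] != 0x03 || tpkt[1] != 0) {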
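Review bot: The `goto clear_out` failure path differs from the other helpers in this commit, which return NF_ACCEPT directly, and the label's body is outside the hunk, so what the caller is told cannot be seen here. A one-line comment on the branch would record the intent, for example `/* copy failed despite upfront validation: discard TPKT state and stop parsing */`, with the wording adjusted to what clear_out actually does. The enclosing function starts and ends outside the hunk.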
+4 -1
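--- a/net/netfilter/nf_conntrack_irc.c
+++ b/net/netfilter/nf_conntrack_irc.c
@@ -143,7 +143,10 @@
 spin_lock_bh(&irc_buffer_lock);
 ib_ptr = skb_header_pointer(skb, dataoff, skb->len - dataoff,
 irc_buffer);
-BUG_ON(ib_ptr == NULL);
+if (!ib_ptr) {
+spin_unlock_bh(&irc_buffer_lock);
+return NF_ACCEPT;
+}
 
 data = ib_ptr;
 data_limit = ib_ptr + skb->len - dataoff;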
+3 -1
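--- a/net/netfilter/nf_conntrack_pptp.c
+++ b/net/netfilter/nf_conntrack_pptp.c
@@ -544,7 +544,9 @@
 
 nexthdr_off = protoff;
 tcph = skb_header_pointer(skb, nexthdr_off, sizeof(_tcph), &_tcph);
-BUG_ON(!tcph);
+if (!tcph)
+return NF_ACCEPT;
+
 nexthdr_off += tcph->doff * 4;
 datalen = tcplen - tcph->doff * 4;
 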
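Review bot: `tcph->doff` is used right after the new NULL check to compute `nexthdr_off` and `datalen = tcplen - tcph->doff * 4`, with no bound on it visible in the hunk. If `datalen` is unsigned (its declaration is outside the hunk), a data offset larger than the segment would wrap it to a large value. If the TCP tracker's upfront validation is what guarantees `doff * 4 <= tcplen`, a comment such as `/* doff already validated by the TCP tracker */` would make that dependency explicit; otherwise add `if (tcph->doff * 4 > tcplen) return NF_ACCEPT;` before the subtraction. The enclosing function starts and ends outside the hunk.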
+4 -2
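--- a/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/net/netfilter/nf_conntrack_proto_tcp.c
@@ -338,7 +338,8 @@
 
 ptr = skb_header_pointer(skb, dataoff + sizeof(struct tcphdr),
 length, buff);
-BUG_ON(ptr == NULL);
+if (!ptr)
+return;
 
 state->td_scale =
 state->flags = 0;
@@ -395,7 +394,8 @@
 
 ptr = skb_header_pointer(skb, dataoff + sizeof(struct tcphdr),
 length, buff);
-BUG_ON(ptr == NULL);
+if (!ptr)
+return;
 
 /* Fast path for timestamp-only option */
 if (length == TCPOLEN_TSTAMP_ALIGNED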
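Review bot: In the first hunk the early `return` sits above the reset `state->td_scale = state->flags = 0;`, so when skb_header_pointer() fails the caller's state keeps whatever window scale and flags it held before. Resetting in the branch, `if (!ptr) { state->td_scale = state->flags = 0; return; }`, or moving the reset above the pointer fetch, would make the failure path behave like a segment with no options. Whether any caller relies on the previous values cannot be seen from here and should be checked. The second hunk's `return` leaves its output untouched, which looks intended, but a short comment saying so would help. Both functions start and end outside their hunks.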
+4 -1
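--- a/net/netfilter/nf_conntrack_sane.c
+++ b/net/netfilter/nf_conntrack_sane.c
@@ -95,7 +95,10 @@
 
 spin_lock_bh(&nf_sane_lock);
 sb_ptr = skb_header_pointer(skb, dataoff, datalen, sane_buffer);
-BUG_ON(sb_ptr == NULL);
+if (!sb_ptr) {
+spin_unlock_bh(&nf_sane_lock);
+return NF_ACCEPT;
+}
 
 if (dir == IP_CT_DIR_ORIGINAL) {
 if (datalen != sizeof(struct sane_request))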