tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

[NETFILTER]: Use correct type for "ports" module parameter

With large port numbers the helper_names buffer can overflow.
Noticed by Samir Bellabes <sbellabes@mandriva.com>

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

authored by Patrick McHardy and committed by David S. Miller 5cb30640 f3591fff

+9 -9
unified split
+3 -3
net/ipv4/netfilter/ip_conntrack_ftp.c
··· 29 29 static DEFINE_SPINLOCK(ip_ftp_lock); 30 30 31 31 #define MAX_PORTS 8 32 - static int ports[MAX_PORTS]; 32 + static short ports[MAX_PORTS]; 33 33 static int ports_c; 34 - module_param_array(ports, int, &ports_c, 0400); 34 + module_param_array(ports, short, &ports_c, 0400); 35 35 36 36 static int loose; 37 37 module_param(loose, int, 0600); ··· 450 450 } 451 451 452 452 static struct ip_conntrack_helper ftp[MAX_PORTS]; 453 - static char ftp_names[MAX_PORTS][10]; 453 + static char ftp_names[MAX_PORTS][sizeof("ftp-65535")]; 454 454 455 455 /* Not __exit: called from init() */ 456 456 static void fini(void)
+3 -3
net/ipv4/netfilter/ip_conntrack_irc.c
··· 34 34 #include <linux/moduleparam.h> 35 35 36 36 #define MAX_PORTS 8 37 - static int ports[MAX_PORTS]; 37 + static short ports[MAX_PORTS]; 38 38 static int ports_c; 39 39 static int max_dcc_channels = 8; 40 40 static unsigned int dcc_timeout = 300; ··· 52 52 MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>"); 53 53 MODULE_DESCRIPTION("IRC (DCC) connection tracking helper"); 54 54 MODULE_LICENSE("GPL"); 55 - module_param_array(ports, int, &ports_c, 0400); 55 + module_param_array(ports, short, &ports_c, 0400); 56 56 MODULE_PARM_DESC(ports, "port numbers of IRC servers"); 57 57 module_param(max_dcc_channels, int, 0400); 58 58 MODULE_PARM_DESC(max_dcc_channels, "max number of expected DCC channels per IRC session"); ··· 240 240 } 241 241 242 242 static struct ip_conntrack_helper irc_helpers[MAX_PORTS]; 243 - static char irc_names[MAX_PORTS][10]; 243 + static char irc_names[MAX_PORTS][sizeof("irc-65535")]; 244 244 245 245 static void fini(void); 246 246
+3 -3
net/ipv4/netfilter/ip_conntrack_tftp.c
··· 26 26 MODULE_LICENSE("GPL"); 27 27 28 28 #define MAX_PORTS 8 29 - static int ports[MAX_PORTS]; 29 + static short ports[MAX_PORTS]; 30 30 static int ports_c; 31 - module_param_array(ports, int, &ports_c, 0400); 31 + module_param_array(ports, short, &ports_c, 0400); 32 32 MODULE_PARM_DESC(ports, "port numbers of tftp servers"); 33 33 34 34 #if 0 ··· 100 100 } 101 101 102 102 static struct ip_conntrack_helper tftp[MAX_PORTS]; 103 - static char tftp_names[MAX_PORTS][10]; 103 + static char tftp_names[MAX_PORTS][sizeof("tftp-65535")]; 104 104 105 105 static void fini(void) 106 106 {