Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
tjh.dev
kernel
os
linux
[NETFILTER]: Use correct type for "ports" module parameter
With large port numbers the helper_names buffer can overflow.
Noticed by Samir Bellabes <sbellabes@mandriva.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
authored by Patrick McHardy and committed by David S. Miller 5cb30640 f3591fff
+3
-3
net/ipv4/netfilter/ip_conntrack_ftp.c
+3
-3
net/ipv4/netfilter/ip_conntrack_ftp.c
···
29
static DEFINE_SPINLOCK(ip_ftp_lock);
30
31
#define MAX_PORTS 8
32
-
static int ports[MAX_PORTS];
33
static int ports_c;
34
-
module_param_array(ports, int, &ports_c, 0400);
35
36
static int loose;
37
module_param(loose, int, 0600);
···
450
}
451
452
static struct ip_conntrack_helper ftp[MAX_PORTS];
453
-
static char ftp_names[MAX_PORTS][10];
454
455
/* Not __exit: called from init() */
456
static void fini(void)
···
29
static DEFINE_SPINLOCK(ip_ftp_lock);
30
31
#define MAX_PORTS 8
32
+
static short ports[MAX_PORTS];
33
static int ports_c;
34
+
module_param_array(ports, short, &ports_c, 0400);
35
36
static int loose;
37
module_param(loose, int, 0600);
···
450
}
451
452
static struct ip_conntrack_helper ftp[MAX_PORTS];
453
+
static char ftp_names[MAX_PORTS][sizeof("ftp-65535")];
454
455
/* Not __exit: called from init() */
456
static void fini(void)
+3
-3
net/ipv4/netfilter/ip_conntrack_irc.c
+3
-3
net/ipv4/netfilter/ip_conntrack_irc.c
···
34
#include <linux/moduleparam.h>
35
36
#define MAX_PORTS 8
37
-
static int ports[MAX_PORTS];
38
static int ports_c;
39
static int max_dcc_channels = 8;
40
static unsigned int dcc_timeout = 300;
···
52
MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
53
MODULE_DESCRIPTION("IRC (DCC) connection tracking helper");
54
MODULE_LICENSE("GPL");
55
-
module_param_array(ports, int, &ports_c, 0400);
56
MODULE_PARM_DESC(ports, "port numbers of IRC servers");
57
module_param(max_dcc_channels, int, 0400);
58
MODULE_PARM_DESC(max_dcc_channels, "max number of expected DCC channels per IRC session");
···
240
}
241
242
static struct ip_conntrack_helper irc_helpers[MAX_PORTS];
243
-
static char irc_names[MAX_PORTS][10];
244
245
static void fini(void);
246
···
34
#include <linux/moduleparam.h>
35
36
#define MAX_PORTS 8
37
+
static short ports[MAX_PORTS];
38
static int ports_c;
39
static int max_dcc_channels = 8;
40
static unsigned int dcc_timeout = 300;
···
52
MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
53
MODULE_DESCRIPTION("IRC (DCC) connection tracking helper");
54
MODULE_LICENSE("GPL");
55
+
module_param_array(ports, short, &ports_c, 0400);
56
MODULE_PARM_DESC(ports, "port numbers of IRC servers");
57
module_param(max_dcc_channels, int, 0400);
58
MODULE_PARM_DESC(max_dcc_channels, "max number of expected DCC channels per IRC session");
···
240
}
241
242
static struct ip_conntrack_helper irc_helpers[MAX_PORTS];
243
+
static char irc_names[MAX_PORTS][sizeof("irc-65535")];
244
245
static void fini(void);
246
+3
-3
net/ipv4/netfilter/ip_conntrack_tftp.c
+3
-3
net/ipv4/netfilter/ip_conntrack_tftp.c
···
26
MODULE_LICENSE("GPL");
27
28
#define MAX_PORTS 8
29
-
static int ports[MAX_PORTS];
30
static int ports_c;
31
-
module_param_array(ports, int, &ports_c, 0400);
32
MODULE_PARM_DESC(ports, "port numbers of tftp servers");
33
34
#if 0
···
100
}
101
102
static struct ip_conntrack_helper tftp[MAX_PORTS];
103
-
static char tftp_names[MAX_PORTS][10];
104
105
static void fini(void)
106
{
···
26
MODULE_LICENSE("GPL");
27
28
#define MAX_PORTS 8
29
+
static short ports[MAX_PORTS];
30
static int ports_c;
31
+
module_param_array(ports, short, &ports_c, 0400);
32
MODULE_PARM_DESC(ports, "port numbers of tftp servers");
33
34
#if 0
···
100
}
101
102
static struct ip_conntrack_helper tftp[MAX_PORTS];
103
+
static char tftp_names[MAX_PORTS][sizeof("tftp-65535")];
104
105
static void fini(void)
106
{