]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7503d0d) | patch
netfilter: nf_conntrack_irc: Tighten matching on DCC message
authorDavid Leadbeater <dgl@dgl.cx>
Fri, 26 Aug 2022 04:56:57 +0000 (14:56 +1000)
committerFlorian Westphal <fw@strlen.de>
Wed, 7 Sep 2022 13:55:23 +0000 (15:55 +0200)
commit1d1201a4d841c1bd8225562085bf9b419252aaf7
tree336ad75fbf4928828a1d2c8be6413e00226e076etree | snapshot
parent7503d0dc8e57d41b28e4d1d630b692bd094ceccfcommit | diff
netfilter: nf_conntrack_irc: Tighten matching on DCC message

CTCP messages should only be at the start of an IRC message, not
anywhere within it.

While the helper only decodes packes in the ORIGINAL direction, its
possible to make a client send a CTCP message back by empedding one into
a PING request.  As-is, thats enough to make the helper believe that it
saw a CTCP message.

Fixes: f8a64fc724f9 ("[NETFILTER]: nf_conntrack/nf_nat: add IRC helper port")
Signed-off-by: David Leadbeater <dgl@dgl.cx>
Signed-off-by: Florian Westphal <fw@strlen.de>
net/netfilter/nf_conntrack_irc.c diff | blob | history
Linux Kernel Source Tree.