git.baikalelectronics.ru Git - kernel.git/commit

author	Patrick McHardy <kaber@trash.net>
	Mon, 8 Sep 2008 01:21:24 +0000 (18:21 -0700)
committer	David S. Miller <davem@davemloft.net>
	Mon, 8 Sep 2008 01:21:24 +0000 (18:21 -0700)
commit	81e3afd028b8172d96b1a1296a072bc31d67fb88
tree	ff57e0687a42951c974db349dd67ccb5caf4423f	tree \| snapshot
parent	bcb3e6a2409797ce55de1e4a06732d31bd409cbe	commit \| diff

netfilter: nf_conntrack_irc: make sure string is terminated before calling simple_strtoul

Alexey Dobriyan points out:

1. simple_strtoul() silently accepts all characters for given base even
   if result won't fit into unsigned long. This is amazing stupidity in
   itself, but

2. nf_conntrack_irc helper use simple_strtoul() for DCC request parsing.
   Data first copied into 64KB buffer, so theoretically nothing prevents
   reading past the end of it, since data comes from network given 1).

This is not actually a problem currently since we're guaranteed to have
a 0 byte in skb_shared_info or in the buffer the data is copied to, but
to make this more robust, make sure the string is actually terminated.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>