Re: [PATCH V2] netfilter: h323: avoid potential attack

[PATCH V2] netfilter: h323: avoid potential attack · Zhouyi Zhou <hidden> · 2016-01-28
Re: [PATCH V2] netfilter: h323: avoid potential attack · Eric Dumazet <hidden> · 2016-01-28
Re: Re: [PATCH V2] netfilter: h323: avoid potential attack · Zhouyi Zhou <hidden> · 2016-01-28
Re: Re: [PATCH V2] netfilter: h323: avoid potential attack · Eric Dumazet <hidden> · 2016-01-28
Re: Re: [PATCH V2] netfilter: h323: avoid potential attack · Eric Dumazet <hidden> · 2016-01-28
Re: [PATCH V2] netfilter: h323: avoid potential attack · One Thousand Gnomes <hidden> · 2016-01-28
Re: [PATCH V2] netfilter: h323: avoid potential attack · Sergei Shtylyov <hidden> · 2016-01-28
Re: [PATCH V2] netfilter: h323: avoid potential attack · Florian Westphal <fw@strlen.de> · 2016-01-28
Re: Re: [PATCH V2] netfilter: h323: avoid potential attack · Zhouyi Zhou <hidden> · 2016-01-28

From: Eric Dumazet <hidden>
Date: 2016-01-28 12:57:01
Also in: netfilter-devel

On Thu, 2016-01-28 at 16:59 +0800, Zhouyi Zhou wrote:

Thanks Eric for your review and advice.

I think hackers chould build a malicious h323 packet to overflow
the pointer p which will panic during the memcpy(addr, p, len)

For example, he may fabricate a very large taddr->ipAddress.ip;

Signed-off-by: Zhouyi Zhou <redacted>
---

Except you did not address my feedback about potentially reading not
initialized memory.

if the frame length was 1000 bytes, then surely accessing memory at
offset 8000 will either read garbage, or read data from a prior frame
and leak secrets.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help