Gitweb: http://git.kernel.org/linus/f5eb917b861828da18dc28854308068c66d1449a
Commit: f5eb917b861828da18dc28854308068c66d1449a
Parent: fd218cf9557b9bf7061365a8fe7020a56d3f767c
Author: John Hughes <john@calva.com>
AuthorDate: Wed Apr 7 21:29:25 2010 -0700
Committer: David S. Miller <davem@davemloft.net>
CommitDate: Wed Apr 7 21:29:25 2010 -0700
x25: Patch to fix bug 15678 - x25 accesses fields beyond end of packet.
Here is a patch to stop X.25 examining fields beyond the end of the packet.
For example, when a simple CALL ACCEPTED was received:
10 10 0f
x25_parse_facilities was attempting to decode the FACILITIES field, but this
packet contains no facilities field.
Signed-off-by: John Hughes <john@calva.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
include/net/x25.h | 4 +++
net/x25/af_x25.c | 47 +++++++++++++++++++++++++++++++++++++++++++++-
net/x25/x25_facilities.c | 12 ++++++++++-
net/x25/x25_in.c | 15 ++++++++++---
4 files changed, 72 insertions(+), 6 deletions(-)
diff --git a/include/net/x25.h b/include/net/x25.h
index 9baa07d..33f67fb 100644
--- a/include/net/x25.h
+++ b/include/net/x25.h
@@ -182,6 +182,10 @@ extern int sysctl_x25_clear_request_timeout;
extern int sysctl_x25_ack_holdback_timeout;
extern int sysctl_x25_forward;
+extern int x25_parse_address_block(struct sk_buff *skb,
+ struct x25_address *called_addr,
+ struct x25_address *calling_addr);
+
extern int x25_addr_ntoa(unsigned char *, struct x25_address *,
struct x25_address *);
extern int x25_addr_aton(unsigned char *, struct x25_address *,
diff --git a/net/x25/af_x25.c b/net/x25/af_x25.c
index 9796f3e..fe26c01 100644
--- a/net/x25/af_x25.c
+++ b/net/x25/af_x25.c
@@ -82,6 +82,41 @@ struct compat_x25_subscrip_struct {
};
#endif
+
+int x25_parse_address_block(struct sk_buff *skb,
+ struct x25_address *called_addr,
+ struct x25_address ...
