d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix a problem in the Skinny ALG where a specially crafted packet could cause

Browse Source 
a libalias application (e.g.  natd, ppp, etc.) to crash.  Note: Skinny support
is not enabled in natd or ppp by default.

Approved by:	secteam (nectar)
MFC after:	1 day
Secuiryt:	This fixes a remote DoS exploit
This commit is contained in:
Joe Marcus Clarke 2005-03-03 03:06:37 +00:00
parent a1d0c3f203
commit 70037e98c4
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=143083
2 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lib/libalias/alias_skinny.c
View File

@ -216,11 +216,11 @@ alias_skinny_opnrcvch_ack(struct libalias *la, struct OpenReceiveChannelAck *opn
void
AliasHandleSkinny(struct libalias *la, struct ip *pip, struct alias_link *lnk)
{
int hlen, tlen, dlen;
size_t hlen, tlen, dlen;
struct tcphdr *tc;
int32_t msgId, len, t, lip;
u_int32_t msgId, t, len, lip;
struct skinny_header *sd;
int orig_len, skinny_hdr_len = sizeof(struct skinny_header);
size_t orig_len, skinny_hdr_len = sizeof(struct skinny_header);
ConvDirection direction;
tc = (struct tcphdr *)ip_next(pip);
@ -297,7 +297,7 @@ AliasHandleSkinny(struct libalias *la, struct ip *pip, struct alias_link *lnk)
return;
}
#ifdef DEBUG
fprintf(stderr
fprintf(stderr,
"PacketAlias/Skinny: Received ipport message\n");
#endif
port_mesg = (struct IpPortMessage *)&sd->msgId;

8
sys/netinet/libalias/alias_skinny.c
View File

@ -216,11 +216,11 @@ alias_skinny_opnrcvch_ack(struct libalias *la, struct OpenReceiveChannelAck *opn
void
AliasHandleSkinny(struct libalias *la, struct ip *pip, struct alias_link *lnk)
{
int hlen, tlen, dlen;
size_t hlen, tlen, dlen;
struct tcphdr *tc;
int32_t msgId, len, t, lip;
u_int32_t msgId, t, len, lip;
struct skinny_header *sd;
int orig_len, skinny_hdr_len = sizeof(struct skinny_header);
size_t orig_len, skinny_hdr_len = sizeof(struct skinny_header);
ConvDirection direction;
tc = (struct tcphdr *)ip_next(pip);
@ -297,7 +297,7 @@ AliasHandleSkinny(struct libalias *la, struct ip *pip, struct alias_link *lnk)
return;
}
#ifdef DEBUG
fprintf(stderr
fprintf(stderr,
"PacketAlias/Skinny: Received ipport message\n");
#endif
port_mesg = (struct IpPortMessage *)&sd->msgId;