d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix a problem in the Skinny ALG where a specially crafted packet could cause

Browse Source 
a libalias application (e.g.  natd, ppp, etc.) to crash.  Note: Skinny support
is not enabled in natd or ppp by default.

Approved by:	secteam (nectar)
MFC after:	1 day
Secuiryt:	This fixes a remote DoS exploit
This commit is contained in:
marcus 2005-03-03 03:06:37 +00:00
parent ac2dd8b794
commit 49e020aaeb
2 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lib/libalias/alias_skinny.c
View File

@ -216,11 +216,11 @@ alias_skinny_opnrcvch_ack(struct libalias *la, struct OpenReceiveChannelAck *opn
void void
AliasHandleSkinny(struct libalias *la, struct ip *pip, struct alias_link *lnk) AliasHandleSkinny(struct libalias *la, struct ip *pip, struct alias_link *lnk)
{ {
int hlen, tlen, dlen; size_t hlen, tlen, dlen;
struct tcphdr *tc; struct tcphdr *tc;
int32_t msgId, len, t, lip; u_int32_t msgId, t, len, lip;
struct skinny_header *sd; struct skinny_header *sd;
int orig_len, skinny_hdr_len = sizeof(struct skinny_header); size_t orig_len, skinny_hdr_len = sizeof(struct skinny_header);
ConvDirection direction; ConvDirection direction;
tc = (struct tcphdr *)ip_next(pip); tc = (struct tcphdr *)ip_next(pip);
@ -297,7 +297,7 @@ AliasHandleSkinny(struct libalias *la, struct ip *pip, struct alias_link *lnk)
return; return;
} }
#ifdef DEBUG #ifdef DEBUG
fprintf(stderr fprintf(stderr,
"PacketAlias/Skinny: Received ipport message\n"); "PacketAlias/Skinny: Received ipport message\n");
#endif #endif
port_mesg = (struct IpPortMessage *)&sd->msgId; port_mesg = (struct IpPortMessage *)&sd->msgId;

8
sys/netinet/libalias/alias_skinny.c
View File

@ -216,11 +216,11 @@ alias_skinny_opnrcvch_ack(struct libalias *la, struct OpenReceiveChannelAck *opn
void void
AliasHandleSkinny(struct libalias *la, struct ip *pip, struct alias_link *lnk) AliasHandleSkinny(struct libalias *la, struct ip *pip, struct alias_link *lnk)
{ {
int hlen, tlen, dlen; size_t hlen, tlen, dlen;
struct tcphdr *tc; struct tcphdr *tc;
int32_t msgId, len, t, lip; u_int32_t msgId, t, len, lip;
struct skinny_header *sd; struct skinny_header *sd;
int orig_len, skinny_hdr_len = sizeof(struct skinny_header); size_t orig_len, skinny_hdr_len = sizeof(struct skinny_header);
ConvDirection direction; ConvDirection direction;
tc = (struct tcphdr *)ip_next(pip); tc = (struct tcphdr *)ip_next(pip);
@ -297,7 +297,7 @@ AliasHandleSkinny(struct libalias *la, struct ip *pip, struct alias_link *lnk)
return; return;
} }
#ifdef DEBUG #ifdef DEBUG
fprintf(stderr fprintf(stderr,
"PacketAlias/Skinny: Received ipport message\n"); "PacketAlias/Skinny: Received ipport message\n");
#endif #endif
port_mesg = (struct IpPortMessage *)&sd->msgId; port_mesg = (struct IpPortMessage *)&sd->msgId;