netfilter: nf_ct_helper: disable automatic helper re-assignment of different type
This patch modifies __nf_ct_try_assign_helper in a way that invalidates support for the following scenario: 1) attach the helper A for first time when the conntrack is created 2) attach new (different) helper B due to changes the reply tuple caused by NAT eg. port redirection from TCP/21 to TCP/5060 with both FTP and SIP helpers loaded, which seems to be a quite unorthodox scenario. I can provide a more elaborated patch to support this scenario but explicit helper attachment provides a better solution for this since now the use can attach the helpers consistently, without relying on the automatic helper lookup magic. This patch fixes a possible out of bound zeroing of the conntrack helper extension if the helper B uses more memory for its private data than helper A. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Pablo Neira Ayuso
parent
fd7462de46
commit
32f5376003
1 changed files with 7 additions and 1 deletions
|
|
@ -229,7 +229,13 @@ int __nf_ct_try_assign_helper(struct nf_conn *ct, struct nf_conn *tmpl,
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
memset(help->data, 0, helper->data_len);
|
/* We only allow helper re-assignment of the same sort since
|
||||||
|
* we cannot reallocate the helper extension area.
|
||||||
|
*/
|
||||||
|
if (help->helper != helper) {
|
||||||
|
RCU_INIT_POINTER(help->helper, NULL);
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
rcu_assign_pointer(help->helper, helper);
|
rcu_assign_pointer(help->helper, helper);
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue