]> git.ipfire.org Git - thirdparty/kernel/stable.git/commit
projects / thirdparty / kernel / stable.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: caf3d4b) | patch
netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state
authorFlorian Westphal <fw@strlen.de>
Tue, 17 Jul 2018 19:03:15 +0000 (21:03 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 24 Aug 2018 11:09:22 +0000 (13:09 +0200)
commitc764f22b2fc39fbc621493f3c43bf120eaf2dbc7
treeb7acc1ba4e5d122a99d2cffcdf18eaf935d58f0btree | snapshot
parentcaf3d4bd62cc11a055dce8a19e87a9f33b5e4bcacommit | diff
netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state

commit 6613b6173dee098997229caf1f3b961c49da75e6 upstream.

When first DCCP packet is SYNC or SYNCACK, we insert a new conntrack
that has an un-initialized timeout value, i.e. such entry could be
reaped at any time.

Mark them as INVALID and only ignore SYNC/SYNCACK when connection had
an old state.

Reported-by: syzbot+6f18401420df260e37ed@syzkaller.appspotmail.com
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
net/netfilter/nf_conntrack_proto_dccp.c diff | blob | blame | history
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git