--- /dev/null
+From laforge@netfilter.org Tue Nov 22 22:59:38 2005
+Date: Wed, 23 Nov 2005 07:59:21 +0100
+Message-ID: <20051123065921.GK31478@sunbeam.de.gnumonks.org>
+From: Harald Welte <laforge@netfilter.org>
+To: Krzysztof Oledzki <ole@ans.pl>
+Cc: stable@kernel.org, Pablo Neira Ayuso <pablo@netfilter.org>
+Subject: [PATCH] [NETFILTER] ctnetlink: Fix oops when no ICMP ID info in message
+
+From: Krzysztof Piotr Oledzki <ole@ans.pl>
+
+This patch fixes an userspace triggered oops. If there is no ICMP_ID
+info the reference to attr will be NULL.
+
+Signed-off-by: Krzysztof Piotr Oledzki <ole@ans.pl>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Harald Welte <laforge@netfilter.org>
+Signed-off-by: Chris Wright <chrisw@osdl.org>
+---
+
+ net/ipv4/netfilter/ip_conntrack_proto_icmp.c | 3 ++-
+ 1 files changed, 2 insertions(+), 1 deletion(-)
+
+Index: linux-2.6.14.2/net/ipv4/netfilter/ip_conntrack_proto_icmp.c
+===================================================================
+--- linux-2.6.14.2.orig/net/ipv4/netfilter/ip_conntrack_proto_icmp.c
++++ linux-2.6.14.2/net/ipv4/netfilter/ip_conntrack_proto_icmp.c
+@@ -296,7 +296,8 @@ static int icmp_nfattr_to_tuple(struct n
+ struct ip_conntrack_tuple *tuple)
+ {
+ if (!tb[CTA_PROTO_ICMP_TYPE-1]
+- || !tb[CTA_PROTO_ICMP_CODE-1])
++ || !tb[CTA_PROTO_ICMP_CODE-1]
++ || !tb[CTA_PROTO_ICMP_ID-1])
+ return -1;
+
+ tuple->dst.u.icmp.type =
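Review bot: The added `|| !tb[CTA_PROTO_ICMP_ID-1]` test in icmp_nfattr_to_tuple only establishes that the attribute is present, not that its payload is as long as the value later read from it. The commit message says the oops is triggered from userspace, so the attribute table is untrusted input. The assignment starting at `tuple->dst.u.icmp.type =` is cut off at the end of the hunk, so this is inferred: if it and the following statements read fixed-width values from the TYPE, CODE and ID attributes, a present-but-truncated attribute would still be read past its payload. A minimum-length check for each of the three attributes before the first assignment would cover that case. A short comment above the condition would also help, e.g. `/* TYPE, CODE and ID are all mandatory: each is dereferenced below */`.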
+++ /dev/null
-From stable-bounces@linux.kernel.org Tue Nov 15 04:33:12 2005
-Date: Tue, 15 Nov 2005 13:32:36 +0100
-From: Harald Welte <laforge@netfilter.org>
-To: Stable Kernel <stable@kernel.org>
-Cc:
-Subject: [PATCH] [NETFILTER] ctnetlink: Fix oops when no ICMP ID info in message
-
-From: Krzysztof Piotr Oledzki <ole@ans.pl>
-
-This patch fixes an userspace triggered oops. If there is no ICMP_ID
-info the reference to attr will be NULL.
-
-Signed-off-by: Krzysztof Piotr Oledzki <ole@ans.pl>
-Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-Signed-off-by: Harald Welte <laforge@netfilter.org>
-Signed-off-by: Chris Wright <chrisw@osdl.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
----
- net/ipv4/netfilter/ip_conntrack_proto_icmp.c | 13 +++++++------
- 1 file changed, 7 insertions(+), 6 deletions(-)
-
---- linux-2.6.14.2.orig/net/ipv4/netfilter/ip_conntrack_proto_icmp.c
-+++ linux-2.6.14.2/net/ipv4/netfilter/ip_conntrack_proto_icmp.c
-@@ -151,13 +151,13 @@ icmp_error_message(struct sk_buff *skb,
- /* Not enough header? */
- inside = skb_header_pointer(skb, skb->nh.iph->ihl*4, sizeof(_in), &_in);
- if (inside == NULL)
-- return NF_ACCEPT;
-+ return -NF_ACCEPT;
-
- /* Ignore ICMP's containing fragments (shouldn't happen) */
- if (inside->ip.frag_off & htons(IP_OFFSET)) {
- DEBUGP("icmp_error_track: fragment of proto %u\n",
- inside->ip.protocol);
-- return NF_ACCEPT;
-+ return -NF_ACCEPT;
- }
-
- innerproto = ip_conntrack_proto_find_get(inside->ip.protocol);
-@@ -166,7 +166,7 @@ icmp_error_message(struct sk_buff *skb,
- if (!ip_ct_get_tuple(&inside->ip, skb, dataoff, &origtuple, innerproto)) {
- DEBUGP("icmp_error: ! get_tuple p=%u", inside->ip.protocol);
- ip_conntrack_proto_put(innerproto);
-- return NF_ACCEPT;
-+ return -NF_ACCEPT;
- }
-
- /* Ordinarily, we'd expect the inverted tupleproto, but it's
-@@ -174,7 +174,7 @@ icmp_error_message(struct sk_buff *skb,
- if (!ip_ct_invert_tuple(&innertuple, &origtuple, innerproto)) {
- DEBUGP("icmp_error_track: Can't invert tuple\n");
- ip_conntrack_proto_put(innerproto);
-- return NF_ACCEPT;
-+ return -NF_ACCEPT;
- }
- ip_conntrack_proto_put(innerproto);
-
-@@ -190,7 +190,7 @@ icmp_error_message(struct sk_buff *skb,
-
- if (!h) {
- DEBUGP("icmp_error_track: no match\n");
-- return NF_ACCEPT;
-+ return -NF_ACCEPT;
- }
- /* Reverse direction from that found */
- if (DIRECTION(h) != IP_CT_DIR_REPLY)
-@@ -296,7 +296,8 @@ static int icmp_nfattr_to_tuple(struct n
- struct ip_conntrack_tuple *tuple)
- {
- if (!tb[CTA_PROTO_ICMP_TYPE-1]
-- || !tb[CTA_PROTO_ICMP_CODE-1])
-+ || !tb[CTA_PROTO_ICMP_CODE-1]
-+ || !tb[CTA_PROTO_ICMP_ID-1])
- return -1;
-
- tuple->dst.u.icmp.type =