From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Sat, 16 Nov 2013 21:55:04 +0000 (-0800)
Subject: 3.4-stable patches
X-Git-Tag: v3.4.70~16
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7f1e4b568f11336fd18c013724571b837a6c8a6a;p=thirdparty%2Fkernel%2Fstable-queue.git

3.4-stable patches

added patches:
	netfilter-nf_ct_sip-don-t-drop-packets-with-offsets-pointing-outside-the-packet.patch
---

diff --git a/queue-3.4/netfilter-nf_ct_sip-don-t-drop-packets-with-offsets-pointing-outside-the-packet.patch b/queue-3.4/netfilter-nf_ct_sip-don-t-drop-packets-with-offsets-pointing-outside-the-packet.patch
new file mode 100644
index 00000000000..c46d34c6065
--- /dev/null
+++ b/queue-3.4/netfilter-nf_ct_sip-don-t-drop-packets-with-offsets-pointing-outside-the-packet.patch
@@ -0,0 +1,35 @@
+From bc73e38cee0626945a70cb0c2d873aaae3795130 Mon Sep 17 00:00:00 2001
+From: Patrick McHardy <kaber@trash.net>
+Date: Fri, 5 Apr 2013 08:13:30 +0000
+Subject: netfilter: nf_ct_sip: don't drop packets with offsets pointing outside the packet
+
+From: Patrick McHardy <kaber@trash.net>
+
+commit 3a7b21eaf4fb3c971bdb47a98f570550ddfe4471 upstream.
+
+Some Cisco phones create huge messages that are spread over multiple packets.
+After calculating the offset of the SIP body, it is validated to be within
+the packet and the packet is dropped otherwise. This breaks operation of
+these phones. Since connection tracking is supposed to be passive, just let
+those packets pass unmodified and untracked.
+
+Signed-off-by: Patrick McHardy <kaber@trash.net>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Cc: William Roberts <bill.c.roberts@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/netfilter/nf_conntrack_sip.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/netfilter/nf_conntrack_sip.c
++++ b/net/netfilter/nf_conntrack_sip.c
+@@ -1468,7 +1468,7 @@ static int sip_help_tcp(struct sk_buff *
+ 
+ 		msglen = origlen = end - dptr;
+ 		if (msglen > datalen)
+-			return NF_DROP;
++			return NF_ACCEPT;
+ 
+ 		ret = process_sip_msg(skb, ct, dataoff, &dptr, &msglen);
+ 		if (ret != NF_ACCEPT)
diff --git a/queue-3.4/series b/queue-3.4/series
index 9f3105b75b7..36eb41b1122 100644
--- a/queue-3.4/series
+++ b/queue-3.4/series
@@ -4,3 +4,4 @@ net-flow_dissector-fail-on-evil-iph-ihl.patch
 pci-fix-truncation-of-resource-size-to-32-bits.patch
 usb-add-new-zte-3g-dongle-s-pid-to-option.c.patch
 alsa-hda-move-one-time-init-codes-from-generic_hdmi_init.patch
+netfilter-nf_ct_sip-don-t-drop-packets-with-offsets-pointing-outside-the-packet.patch