author | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-07-06 14:04:24 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-07-06 15:17:26 +0200 |
commit | 479a37a549abf197ce59a4ae1666d8cba80fe977 (patch) | |
tree | 7fb43723c0fba13d72f6bf30351fde7e5da7b7ec /include | |
parent | e2c6576e775652c35d336afa0551676339c6a793 (diff) | |

conntrackd: fix crash with IPv6 expectation in the filtering code

Jul 5 00:41:06 sen-fw1 kernel: [274422.060695] conntrackd[4821]: segfault at 0 ip 000000000040c660 sp 00007fffebb098a8 error 4 in conntrackd[400000+3d000]

> #0 0x000000000040f217 in jhash2 (k=0x0, length=4, initval=0) at ../include/jhash.h:99
> a = 2654435769 b = 2654435769 c = 0 len = 4
> #1 0x000000000040f564 in ct_filter_hash6 (data=0x0, table=0x16ef630) at filter.c:57
> #2 0x000000000040ad34 in hashtable_hash (table=0x16ef630, data=0x0) at hash.c:63
> #3 0x000000000040fd19 in __ct_filter_test_ipv6 (f=0x16eeba0, ct=0x1703760) at filter.c:265
> id_src = 51 id_dst = 24051376 src = 0x1703760 dst = 0x0

The master conntrack of the expectation has no reply tuple. However, the
filtering routine needs it. To avoid this issue, emulate the source
address in the reply tuple.

While at it, fix incorrect sanity checking that should have caught
this issue.

Thanks to Florian Westphal for initial diagnosing of this bug.

Reported-by: Bill Fink <billfink@mindspring.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Diffstat (limited to 'include')
0 files changed, 0 insertions, 0 deletions