diff options
author | Patrick McHardy <kaber@trash.net> | 2006-01-09 16:43:43 -0800 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2006-01-10 12:54:30 -0800 |
commit | 15db34702cfafd24acc60295cf14861e497502ab (patch) | |
tree | 541d18bb0b8e1d915ca258d16ea79df730b8f0b7 /net/ipv4 | |
parent | bb94aa169eaa6e713a429370d37388722f08666f (diff) | |
download | linux-3.10-15db34702cfafd24acc60295cf14861e497502ab.tar.gz linux-3.10-15db34702cfafd24acc60295cf14861e497502ab.tar.bz2 linux-3.10-15db34702cfafd24acc60295cf14861e497502ab.zip |
[NETFILTER]: Fix crash in ip_nat_pptp
When an inbound PPTP_IN_CALL_REQUEST packet is received the
PPTP NAT helper uses a NULL pointer in pointer arithmentic to
calculate the offset in the packet which needs to be mangled
and corrupts random memory or crashes.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4')
-rw-r--r-- | net/ipv4/netfilter/ip_nat_helper_pptp.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/ipv4/netfilter/ip_nat_helper_pptp.c b/net/ipv4/netfilter/ip_nat_helper_pptp.c index e546203f566..8ad7b36e242 100644 --- a/net/ipv4/netfilter/ip_nat_helper_pptp.c +++ b/net/ipv4/netfilter/ip_nat_helper_pptp.c @@ -315,7 +315,7 @@ pptp_inbound_pkt(struct sk_buff **pskb, break; case PPTP_IN_CALL_REQUEST: /* only need to nat in case PAC is behind NAT box */ - break; + return NF_ACCEPT; case PPTP_WAN_ERROR_NOTIFY: pcid = &pptpReq->wanerr.peersCallID; break; |