diff options
| author | Toby DiPasquale <toby@cbcg.net> | 2016-07-11 11:32:45 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-07-11 12:32:45 +0200 |
| commit | c2b9b4fee8ab86f2bb657e5ac48d803879e92765 (patch) | |
| tree | eab004aea8fd32b8b3f75a51bada4696f5385047 /net/netfilter/nf_conntrack_h323_asn1.c | |
| parent | c080b460df960f1dc3b35d009392458b2861e801 (diff) | |
netfilter: nf_conntrack_h323: fix off-by-one in DecodeQ931
This patch corrects an off-by-one error in the DecodeQ931 function in
the nf_conntrack_h323 module. This error could result in reading off
the end of a Q.931 frame.
Signed-off-by: Toby DiPasquale <toby@cbcg.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter/nf_conntrack_h323_asn1.c')
| -rw-r--r-- | net/netfilter/nf_conntrack_h323_asn1.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/net/netfilter/nf_conntrack_h323_asn1.c b/net/netfilter/nf_conntrack_h323_asn1.c index bcd5ed6b7130..89b2e46925c4 100644 --- a/net/netfilter/nf_conntrack_h323_asn1.c +++ b/net/netfilter/nf_conntrack_h323_asn1.c @@ -846,9 +846,10 @@ int DecodeQ931(unsigned char *buf, size_t sz, Q931 *q931) sz -= len; /* Message Type */ - if (sz < 1) + if (sz < 2) return H323_ERROR_BOUND; q931->MessageType = *p++; + sz--; PRINT("MessageType = %02X\n", q931->MessageType); if (*p & 0x80) { p++; |