mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-10-01 06:33:07 +00:00
netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state
When first DCCP packet is SYNC or SYNCACK, we insert a new conntrack that has an un-initialized timeout value, i.e. such entry could be reaped at any time. Mark them as INVALID and only ignore SYNC/SYNCACK when connection had an old state. Reported-by: syzbot+6f18401420df260e37ed@syzkaller.appspotmail.com Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
parent
c6cc94df65
commit
6613b6173d
1 changed files with 4 additions and 4 deletions
|
@ -243,14 +243,14 @@ dccp_state_table[CT_DCCP_ROLE_MAX + 1][DCCP_PKT_SYNCACK + 1][CT_DCCP_MAX + 1] =
|
||||||
* We currently ignore Sync packets
|
* We currently ignore Sync packets
|
||||||
*
|
*
|
||||||
* sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
|
* sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
|
||||||
sIG, sIG, sIG, sIG, sIG, sIG, sIG, sIG,
|
sIV, sIG, sIG, sIG, sIG, sIG, sIG, sIG,
|
||||||
},
|
},
|
||||||
[DCCP_PKT_SYNCACK] = {
|
[DCCP_PKT_SYNCACK] = {
|
||||||
/*
|
/*
|
||||||
* We currently ignore SyncAck packets
|
* We currently ignore SyncAck packets
|
||||||
*
|
*
|
||||||
* sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
|
* sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
|
||||||
sIG, sIG, sIG, sIG, sIG, sIG, sIG, sIG,
|
sIV, sIG, sIG, sIG, sIG, sIG, sIG, sIG,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
[CT_DCCP_ROLE_SERVER] = {
|
[CT_DCCP_ROLE_SERVER] = {
|
||||||
|
@ -371,14 +371,14 @@ dccp_state_table[CT_DCCP_ROLE_MAX + 1][DCCP_PKT_SYNCACK + 1][CT_DCCP_MAX + 1] =
|
||||||
* We currently ignore Sync packets
|
* We currently ignore Sync packets
|
||||||
*
|
*
|
||||||
* sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
|
* sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
|
||||||
sIG, sIG, sIG, sIG, sIG, sIG, sIG, sIG,
|
sIV, sIG, sIG, sIG, sIG, sIG, sIG, sIG,
|
||||||
},
|
},
|
||||||
[DCCP_PKT_SYNCACK] = {
|
[DCCP_PKT_SYNCACK] = {
|
||||||
/*
|
/*
|
||||||
* We currently ignore SyncAck packets
|
* We currently ignore SyncAck packets
|
||||||
*
|
*
|
||||||
* sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
|
* sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
|
||||||
sIG, sIG, sIG, sIG, sIG, sIG, sIG, sIG,
|
sIV, sIG, sIG, sIG, sIG, sIG, sIG, sIG,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
|
|
Loading…
Reference in a new issue