linux-stable/net/netfilter
Jeff Mahoney 4e7dba99c9 netfilter: Implement RFC 1123 for FTP conntrack
The FTP conntrack code currently only accepts the following format for
the 227 response for PASV:
227 Entering Passive Mode (148,100,81,40,31,161).

It doesn't accept the following format from an obscure server:
227 Data transfer will passively listen to 67,218,99,134,50,144

From RFC 1123:
The format of the 227 reply to a PASV command is not
well standardized.  In particular, an FTP client cannot
assume that the parentheses shown on page 40 of RFC-959
will be present (and in fact, Figure 3 on page 43 omits
them).  Therefore, a User-FTP program that interprets
the PASV reply must scan the reply for the first digit
of the host and port numbers.

This patch adds support for the RFC 1123 clarification by:
- Allowing a search filter to specify NUL as the terminator so that
  try_number will return successfully if the array of numbers has been
  filled when an unexpected character is encountered.
- Using space as the separator for the 227 reply and then scanning for
  the first digit of the number sequence. The number sequence is parsed
  out using the existing try_rfc959 but with a NUL terminator.

References: https://bugzilla.novell.com/show_bug.cgi?id=466279
References: http://bugzilla.netfilter.org/show_bug.cgi?id=574
Reported-by: Mark Post <mpost@novell.com>
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Patrick McHardy <kaber@trash.net>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: netfilter-devel@vger.kernel.org
Cc: netfilter@vger.kernel.org
Cc: coreteam@netfilter.org
Cc: netdev@vger.kernel.org
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2013-05-27 13:32:43 +02:00
ipset netfilter: ipset: set match: add support to match the counters 2013-04-29 20:09:03 +02:00
ipvs ipvs: change type of netns_ipvs->sysctl_sync_qlen_max 2013-05-26 08:17:33 +09:00
core.c netfilter: don't panic on error while walking through the init path 2013-05-23 14:22:30 +02:00
Kconfig Driver core patches for 3.9-rc1 2013-02-21 12:05:51 -08:00
Makefile netfilter: x_tables: add xt_bpf match 2013-01-21 12:20:19 +01:00
nf_conntrack_acct.c netfilter: nf_ct_acct: move initialization out of pernet_operations 2013-01-23 12:55:29 +01:00
nf_conntrack_amanda.c netfilter: add my copyright statements 2013-04-18 20:27:55 +02:00
nf_conntrack_broadcast.c
nf_conntrack_core.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2013-05-01 14:08:52 -07:00
nf_conntrack_ecache.c netfilter: add my copyright statements 2013-04-18 20:27:55 +02:00
nf_conntrack_expect.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2013-04-19 17:55:29 -04:00
nf_conntrack_extend.c netfilter: nf_ct_ext: support variable length extensions 2012-06-16 15:08:49 +02:00
nf_conntrack_ftp.c netfilter: Implement RFC 1123 for FTP conntrack 2013-05-27 13:32:43 +02:00
nf_conntrack_h323_asn1.c
nf_conntrack_h323_main.c netfilter: add my copyright statements 2013-04-18 20:27:55 +02:00
nf_conntrack_h323_types.c
nf_conntrack_helper.c netfilter: add my copyright statements 2013-04-18 20:27:55 +02:00
nf_conntrack_irc.c netfilter: add my copyright statements 2013-04-18 20:27:55 +02:00
nf_conntrack_l3proto_generic.c
nf_conntrack_labels.c netfilter: nf_ct_labels: move initialization out of pernet_operations 2013-01-23 12:56:23 +01:00
nf_conntrack_netbios_ns.c
nf_conntrack_netlink.c netfilter: ctnetlink: allow to dump expectation per master conntrack 2013-03-19 17:02:18 +01:00
nf_conntrack_pptp.c netfilter: add my copyright statements 2013-04-18 20:27:55 +02:00
nf_conntrack_proto.c netfilter: add my copyright statements 2013-04-18 20:27:55 +02:00
nf_conntrack_proto_dccp.c netfilter: nf_log: prepare net namespace support for loggers 2013-04-05 20:12:54 +02:00
nf_conntrack_proto_generic.c netfilter: nf_conntrack: generalize nf_ct_l4proto_net 2012-07-04 19:37:22 +02:00
nf_conntrack_proto_gre.c netfilter: add my copyright statements 2013-04-18 20:27:55 +02:00
nf_conntrack_proto_sctp.c netfilter: add my copyright statements 2013-04-18 20:27:55 +02:00
nf_conntrack_proto_tcp.c netfilter: add my copyright statements 2013-04-18 20:27:55 +02:00
nf_conntrack_proto_udp.c netfilter: add my copyright statements 2013-04-18 20:27:55 +02:00
nf_conntrack_proto_udplite.c netfilter: nf_log: prepare net namespace support for loggers 2013-04-05 20:12:54 +02:00
nf_conntrack_sane.c netfilter: nf_ct_helper: better logging for dropped packets 2013-02-19 02:48:05 +01:00
nf_conntrack_sip.c netfilter: nf_ct_sip: don't drop packets with offsets pointing outside the packet 2013-04-06 14:03:18 +02:00
nf_conntrack_snmp.c netfilter: nf_ct_snmp: add include file 2013-01-18 00:28:18 +01:00
nf_conntrack_standalone.c netfilter: add my copyright statements 2013-04-18 20:27:55 +02:00
nf_conntrack_tftp.c netfilter: add my copyright statements 2013-04-18 20:27:55 +02:00
nf_conntrack_timeout.c netfilter: nf_ct_timeout: move initialization out of pernet_operations 2013-01-23 12:56:02 +01:00
nf_conntrack_timestamp.c netfilter: nf_ct_tstamp: move initialization out of pernet_operations 2013-01-23 12:55:39 +01:00
nf_internals.h netfilter: pass 'nf_hook_ops' instead of 'list_head' to nf_queue() 2012-09-03 13:52:54 +02:00
nf_log.c netfilter: don't panic on error while walking through the init path 2013-05-23 14:22:30 +02:00
nf_nat_amanda.c netfilter: add my copyright statements 2013-04-18 20:27:55 +02:00
nf_nat_core.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2013-04-25 00:53:40 -04:00
nf_nat_ftp.c netfilter: nf_ct_helper: better logging for dropped packets 2013-02-19 02:48:05 +01:00
nf_nat_helper.c netfilter: add my copyright statements 2013-04-18 20:27:55 +02:00
nf_nat_irc.c netfilter: nf_ct_helper: better logging for dropped packets 2013-02-19 02:48:05 +01:00
nf_nat_proto_common.c netfilter: add protocol independent NAT core 2012-08-30 03:00:14 +02:00
nf_nat_proto_dccp.c netfilter: add protocol independent NAT core 2012-08-30 03:00:14 +02:00
nf_nat_proto_sctp.c sctp: Correct type and usage of sctp_end_cksum() 2013-04-29 20:09:08 +02:00
nf_nat_proto_tcp.c netfilter: add protocol independent NAT core 2012-08-30 03:00:14 +02:00
nf_nat_proto_udp.c netfilter: add protocol independent NAT core 2012-08-30 03:00:14 +02:00
nf_nat_proto_udplite.c netfilter: add protocol independent NAT core 2012-08-30 03:00:14 +02:00
nf_nat_proto_unknown.c netfilter: add protocol independent NAT core 2012-08-30 03:00:14 +02:00
nf_nat_sip.c netfilter: nf_ct_helper: better logging for dropped packets 2013-02-19 02:48:05 +01:00
nf_nat_tftp.c netfilter: nf_ct_helper: better logging for dropped packets 2013-02-19 02:48:05 +01:00
nf_queue.c netfilter: move skb_gso_segment into nfnetlink_queue module 2013-04-29 20:09:05 +02:00
nf_sockopt.c
nf_tproxy_core.c
nfnetlink.c nfnetlink: add support for memory mapped netlink 2013-04-19 14:58:36 -04:00
nfnetlink_acct.c netfilter: nfnetlink_acct: return -EINVAL if object name is empty 2013-03-25 14:21:30 +01:00
nfnetlink_cthelper.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
nfnetlink_cttimeout.c netfilter: cttimeout: fix buffer overflow 2012-11-21 23:50:14 +01:00
nfnetlink_log.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2013-04-19 17:55:29 -04:00
nfnetlink_queue_core.c netfilter: nfnetlink_queue: avoid peer_portid test 2013-05-26 22:05:11 +02:00
nfnetlink_queue_ct.c netfilter: nfnetlink_queue: fix sparse warning due to missing include 2012-06-23 02:13:38 +02:00
x_tables.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
xt_addrtype.c net:netfilter: use IS_ENABLED 2011-12-16 15:49:52 -05:00
xt_AUDIT.c netfilter: xt_AUDIT: only generate audit log when audit enabled 2013-03-04 14:45:25 +01:00
xt_bpf.c netfilter: x_tables: add xt_bpf match 2013-01-21 12:20:19 +01:00
xt_CHECKSUM.c
xt_CLASSIFY.c
xt_cluster.c
xt_comment.c
xt_connbytes.c Merge branch 'nf-next' of git://1984.lsi.us.es/net-next 2011-12-25 02:21:45 -05:00
xt_connlabel.c netfilter: add connlabel conntrack extension 2013-01-18 00:28:15 +01:00
xt_connlimit.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
xt_connmark.c
xt_CONNSECMARK.c
xt_conntrack.c netfilter: add my copyright statements 2013-04-18 20:27:55 +02:00
xt_cpu.c
xt_CT.c netfilter: xt_CT: optimize XT_CT_NOTRACK 2013-05-23 11:09:29 +02:00
xt_dccp.c
xt_devgroup.c
xt_dscp.c
xt_DSCP.c
xt_ecn.c netfilter: xtables: collapse conditions in xt_ecn 2011-12-27 20:45:25 +01:00
xt_esp.c
xt_hashlimit.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
xt_helper.c
xt_HL.c
xt_hl.c
xt_HMARK.c ipv6: Move ipv6_find_hdr() out of Netfilter code. 2012-11-09 17:05:07 -08:00
xt_IDLETIMER.c netfilter: Remove unnecessary OOM logging messages 2011-11-01 09:19:49 +01:00
xt_iprange.c
xt_ipvs.c ipvs: API change to avoid rescan of IPv6 exthdr 2012-09-28 11:34:33 +09:00
xt_LED.c
xt_length.c
xt_limit.c netfilter: add my copyright statements 2013-04-18 20:27:55 +02:00
xt_LOG.c netfilter: xt_LOG: add net namespace support for xt_LOG 2013-04-05 20:58:45 +02:00
xt_mac.c netfilter: Convert compare_ether_addr to ether_addr_equal 2012-05-09 20:49:18 -04:00
xt_mark.c
xt_multiport.c
xt_nat.c netfilter: xt_nat: fix incorrect hooks for SNAT and DNAT targets 2012-10-15 13:39:12 +02:00
xt_NETMAP.c netfilter: combine ipt_NETMAP and ip6t_NETMAP 2012-09-21 12:11:08 +02:00
xt_nfacct.c netfilter: xtables: add nfacct match to support extended accounting 2011-12-25 02:43:17 +01:00
xt_NFLOG.c
xt_NFQUEUE.c netfilter: xt_NFQUEUE: coalesce IPv4 and IPv6 hashing 2013-04-02 01:26:10 +02:00
xt_osf.c netfilter: nf_log: prepare net namespace support for loggers 2013-04-05 20:12:54 +02:00
xt_owner.c userns: xt_owner: Add basic user namespace support. 2012-08-14 21:55:30 -07:00
xt_physdev.c
xt_pkttype.c
xt_policy.c
xt_quota.c net: Fix files explicitly needing to include module.h 2011-10-31 19:30:28 -04:00
xt_rateest.c netfilter: xt_rateest: fix xt_rateest_mt_checkentry() 2011-07-29 16:24:46 +02:00
xt_RATEEST.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
xt_realm.c
xt_recent.c proc: Supply PDE attribute setting accessor functions 2013-05-01 17:29:18 -04:00
xt_REDIRECT.c netfilter: combine ipt_REDIRECT and ip6t_REDIRECT 2012-09-21 12:12:05 +02:00
xt_repldata.h
xt_sctp.c
xt_SECMARK.c
xt_set.c netfilter: ipset: set match: add support to match the counters 2013-04-29 20:09:03 +02:00
xt_socket.c netfilter: xt_socket: use IP early demux 2013-05-23 11:09:53 +02:00
xt_state.c
xt_statistic.c net: Fix files explicitly needing to include module.h 2011-10-31 19:30:28 -04:00
xt_string.c
xt_tcpmss.c
xt_TCPMSS.c netfilter: add my copyright statements 2013-04-18 20:27:55 +02:00
xt_TCPOPTSTRIP.c net:netfilter: use IS_ENABLED 2011-12-16 15:49:52 -05:00
xt_tcpudp.c
xt_TEE.c netfilter: xt_TEE: don't use destination address found in header 2012-10-17 11:00:31 +02:00
xt_time.c netfilter: xt_time: add support to ignore day transition 2012-09-24 14:29:01 +02:00
xt_TPROXY.c net: Fix (nearly-)kernel-doc comments for various functions 2012-07-10 23:13:45 -07:00
xt_TRACE.c
xt_u32.c