netfilter: nf_ct_h323: Out Of Bound Read in Netfilter Conntrack
authorEric Sesterhenn <eric.sesterhenn@x41-dsec.de>
Mon, 9 Oct 2017 05:01:14 +0000 (07:01 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Tue, 24 Oct 2017 16:29:15 +0000 (18:29 +0200)
Add missing counter decrement to prevent out of bounds memory read.

Signed-off-by: Eric Sesterhenn <eric.sesterhenn@x41-dsec.de>
Acked-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nf_conntrack_h323_asn1.c

index 7831aa1effc9c4e46d4878de4239723219fb8132..cf1bf2605c1027207a86889f93da667d8b2313b9 100644 (file)
@@ -877,6 +877,7 @@ int DecodeQ931(unsigned char *buf, size_t sz, Q931 *q931)
                if (sz < 1)
                        break;
                len = *p++;
+               sz--;
                if (sz < len)
                        break;
                p += len;