diff options
| author | Joe Marcus Clarke <marcus@FreeBSD.org> | 2005-03-03 03:06:37 +0000 |
|---|---|---|
| committer | Joe Marcus Clarke <marcus@FreeBSD.org> | 2005-03-03 03:06:37 +0000 |
| commit | 70037e98c448d1cacafcec74aa985ead1a957741 (patch) | |
| tree | ae2942acfc05e6a3b3387d0b06a158ba4a72f99d /lib/libalias | |
| parent | a1d0c3f2038b334c4faae73b24f3b45f8cc054a0 (diff) | |
| download | src-70037e98c448d1cacafcec74aa985ead1a957741.tar.gz src-70037e98c448d1cacafcec74aa985ead1a957741.zip | |
Fix a problem in the Skinny ALG where a specially crafted packet could cause
a libalias application (e.g. natd, ppp, etc.) to crash. Note: Skinny support
is not enabled in natd or ppp by default.
Approved by: secteam (nectar)
MFC after: 1 day
Secuiryt: This fixes a remote DoS exploit
Notes
Notes:
svn path=/head/; revision=143083
Diffstat (limited to 'lib/libalias')
| -rw-r--r-- | lib/libalias/alias_skinny.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/lib/libalias/alias_skinny.c b/lib/libalias/alias_skinny.c index 74c283c73cf1..d1e4a1469377 100644 --- a/lib/libalias/alias_skinny.c +++ b/lib/libalias/alias_skinny.c @@ -216,11 +216,11 @@ alias_skinny_opnrcvch_ack(struct libalias *la, struct OpenReceiveChannelAck *opn void AliasHandleSkinny(struct libalias *la, struct ip *pip, struct alias_link *lnk) { - int hlen, tlen, dlen; + size_t hlen, tlen, dlen; struct tcphdr *tc; - int32_t msgId, len, t, lip; + u_int32_t msgId, t, len, lip; struct skinny_header *sd; - int orig_len, skinny_hdr_len = sizeof(struct skinny_header); + size_t orig_len, skinny_hdr_len = sizeof(struct skinny_header); ConvDirection direction; tc = (struct tcphdr *)ip_next(pip); @@ -297,7 +297,7 @@ AliasHandleSkinny(struct libalias *la, struct ip *pip, struct alias_link *lnk) return; } #ifdef DEBUG - fprintf(stderr + fprintf(stderr, "PacketAlias/Skinny: Received ipport message\n"); #endif port_mesg = (struct IpPortMessage *)&sd->msgId; |