github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-08 22:52:35 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
cd09dfbdad
linux/include
History
Andrey Vagin a843619f1b netfilter: nf_conntrack: reserve two bytes for nf_ct_ext->len 
commit 223b02d923 upstream.

"len" contains sizeof(nf_ct_ext) and size of extensions. In a worst
case it can contain all extensions. Bellow you can find sizes for all
types of extensions. Their sum is definitely bigger than 256.

nf_ct_ext_types[0]->len = 24
nf_ct_ext_types[1]->len = 32
nf_ct_ext_types[2]->len = 24
nf_ct_ext_types[3]->len = 32
nf_ct_ext_types[4]->len = 152
nf_ct_ext_types[5]->len = 2
nf_ct_ext_types[6]->len = 16
nf_ct_ext_types[7]->len = 8

I have seen "len" up to 280 and my host has crashes w/o this patch.

The right way to fix this problem is reducing the size of the ecache
extension (4) and Florian is going to do this, but these changes will
be quite large to be appropriate for a stable tree.

Fixes: 5b423f6a40 (netfilter: nf_conntrack: fix racy timer handling with reliable)
Cc: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Patrick McHardy <kaber@trash.net>
Cc: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Cc: "David S. Miller" <davem@davemloft.net>
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-05-30 21:52:11 -07:00
..
acpi ACPI / hotplug: Fix conflicted PCI bridge notify handlers 2013-12-04 10:57:04 -08:00
asm-generic mm: fix TLB flush race between migration, and change_protection_range 2014-01-09 12:24:23 -08:00
clocksource clocksource: arch_timer: use virtual counters 2014-01-09 12:24:26 -08:00
crypto crypto: scatterwalk - Use sg_chain_ptr on chain entries 2013-12-11 22:36:29 -08:00
drm drm/radeon: 0x9649 is SUMO2 not SUMO 2014-01-09 12:24:22 -08:00
dt-bindings ARM: dt: create a DT header for the GIC 2013-04-05 12:23:24 -06:00
keys
linux libata/ahci: accommodate tag ordered controllers 2014-05-13 13:59:43 +02:00
math-emu
media media: v4l2: added missing mutex.h include to v4l2-ctrls.h 2013-09-26 17:18:26 -07:00
memory
misc
net netfilter: nf_conntrack: reserve two bytes for nf_ct_ext->len 2014-05-30 21:52:11 -07:00
pcmcia pcmcia/ds.h: introduce helper for pcmcia_driver module boilerplate 2013-03-15 12:26:03 -07:00
ras edac: add support for error type "Info" 2013-02-21 14:16:27 -03:00
rdma IB/core: Add "type 2" memory windows support 2013-02-21 11:51:45 -08:00
rxrpc
scsi scsi: fix our current target reap infrastructure 2014-05-30 21:52:11 -07:00
sound ALSA: memalloc.h - fix wrong truncation of dma_addr_t 2013-12-20 07:45:06 -08:00
target iscsi/iser-target: Fix isert_conn->state hung shutdown issues 2014-03-23 21:38:21 -07:00
trace blktrace: fix accounting of partially completed requests 2014-05-30 21:52:11 -07:00
uapi ALSA: compress: Fix 64bit ABI incompatibility 2013-12-20 07:45:06 -08:00
video Merge branch 'fbdev-3.10-fixes' of git://gitorious.org/linux-omap-dss2/linux into linux-fbdev/for-3.10-fixes 2013-05-29 17:00:34 +08:00
xen xenbus: delay xenbus frontend resume if xenstored is not running 2013-05-29 09:04:19 -04:00
Kbuild UAPI: remove empty Kbuild files 2013-04-30 17:04:09 -07:00