[NETFILTER]: xt_sctp: fix endless loop caused by 0 chunk length Fix endless loop in the SCTP match similar to those already fixed in the SCTP conntrack helper (was CVE-2006-1527). Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>

commit: d3dcd4efe2ad1ad1865b2fe5c863c1ebd9482a84 [log] [tgz]
author: Patrick McHardy <kaber@trash.net> Mon Jun 19 23:39:45 2006 -0700
committer: David S. Miller <davem@davemloft.net> Mon Jun 19 23:39:45 2006 -0700
tree: 058379919390c78a18075fabf43e8fdd3d645418
parent: 25f42b6af09e34c3f92107b36b5aa6edc2fdba2f [diff] [blame]
diff --git a/net/netfilter/xt_sctp.c b/net/netfilter/xt_sctp.c
index b5110e5..9316c75 100644
--- a/net/netfilter/xt_sctp.c
+++ b/net/netfilter/xt_sctp.c

@@ -62,7 +62,7 @@
 
 	do {
 		sch = skb_header_pointer(skb, offset, sizeof(_sch), &_sch);
-		if (sch == NULL) {
+		if (sch == NULL || sch->length == 0) {
 			duprintf("Dropping invalid SCTP packet.\n");
 			*hotdrop = 1;
 			return 0;
commit	d3dcd4efe2ad1ad1865b2fe5c863c1ebd9482a84	[log] [tgz]
author	Patrick McHardy <kaber@trash.net>	Mon Jun 19 23:39:45 2006 -0700
committer	David S. Miller <davem@davemloft.net>	Mon Jun 19 23:39:45 2006 -0700
tree	058379919390c78a18075fabf43e8fdd3d645418
parent	25f42b6af09e34c3f92107b36b5aa6edc2fdba2f [diff] [blame]