diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-05-14 14:14:23 +0200 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2020-06-03 08:21:35 +0200 |
| commit | 9f57771d09f4e62724144f49e3d40b9485f4ab4f (patch) | |
| tree | 6af1ca8bd5e318739dd6ef13e546991cd741d3e0 /include/linux/netfilter | |
| parent | b16287f99d31d11bf094cbfb2c92d93ac2801942 (diff) | |
netfilter: nf_conntrack_pptp: prevent buffer overflows in debug code
commit 4c559f15efcc43b996f4da528cd7f9483aaca36d upstream.
Dan Carpenter says: "Smatch complains that the value for "cmd" comes
from the network and can't be trusted."
Add pptp_msg_name() helper function that checks for the array boundary.
Fixes: f09943fefe6b ("[NETFILTER]: nf_conntrack/nf_nat: add PPTP helper port")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'include/linux/netfilter')
| -rw-r--r-- | include/linux/netfilter/nf_conntrack_pptp.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/include/linux/netfilter/nf_conntrack_pptp.h b/include/linux/netfilter/nf_conntrack_pptp.h index fcc409de31a4..6a4ff6d5ebc2 100644 --- a/include/linux/netfilter/nf_conntrack_pptp.h +++ b/include/linux/netfilter/nf_conntrack_pptp.h @@ -10,7 +10,7 @@ #include <net/netfilter/nf_conntrack_expect.h> #include <uapi/linux/netfilter/nf_conntrack_tuple_common.h> -extern const char *const pptp_msg_name[]; +extern const char *const pptp_msg_name(u_int16_t msg); /* state of the control session */ enum pptp_ctrlsess_state { |