[NETFILTER]: Fix crash in ip_nat_pptp
When an inbound PPTP_IN_CALL_REQUEST packet is received the PPTP NAT helper uses a NULL pointer in pointer arithmentic to calculate the offset in the packet which needs to be mangled and corrupts random memory or crashes. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
bb94aa169e
commit
15db34702c
|
@ -315,7 +315,7 @@ pptp_inbound_pkt(struct sk_buff **pskb,
|
|||
break;
|
||||
case PPTP_IN_CALL_REQUEST:
|
||||
/* only need to nat in case PAC is behind NAT box */
|
||||
break;
|
||||
return NF_ACCEPT;
|
||||
case PPTP_WAN_ERROR_NOTIFY:
|
||||
pcid = &pptpReq->wanerr.peersCallID;
|
||||
break;
|
||||
|
|
Loading…
Reference in New Issue