thr3ads.net - netfilter buglog - [Bug 771] New: nf_conntrack_proto

If this information is useful, please help other people find it:
Share via:

bugzilla-daemon at bugzilla.netfilter.org

2012-Feb-16 07:54 UTC

[Bug 771] New: nf_conntrack_proto_tcp BUG??

http://bugzilla.netfilter.org/show_bug.cgi?id=771

           Summary: nf_conntrack_proto_tcp BUG??
           Product: netfilter/iptables
           Version: linux-2.6.x
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: nf_conntrack
        AssignedTo: netfilter-buglog at lists.netfilter.org
        ReportedBy: kendo999 at sohu.com
   Estimated Hours: 0.0


Sometimes occur on my system (2.6.38.8):
 klogd: [147339.919840] kernel BUG at net / netfilter /
nf_conntrack_proto_tcp.c: 447!
 klogd: [2629147.402413] kernel BUG at net / netfilter /
nf_conntrack_proto_tcp.c: 447!
 klogd: [1072212.887368] kernel BUG at net / netfilter /
nf_conntrack_proto_tcp.c: 392

line 392:
 ptr = skb_header_pointer (skb, dataoff + sizeof (struct tcphdr),
                                 length, buff);
        BUG_ON (ptr == NULL);

line 447:
 ptr = skb_header_pointer (skb, dataoff + sizeof (struct tcphdr),
                                 length, buff);
        BUG_ON (ptr == NULL);

Whether this is because Netfilter does not correct for tcp length of the
security checks that it can not properly deal with attack packets or bad
packets?

-- 
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.

bugzilla-daemon at bugzilla.netfilter.org

2013-Feb-14 16:02 UTC

head link

[Bug 771] nf_conntrack_proto_tcp BUG??

http://bugzilla.netfilter.org/show_bug.cgi?id=771

Pablo Neira Ayuso <pablo at netfilter.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |pablo at netfilter.org
         Resolution|                            |FIXED

--- Comment #1 from Pablo Neira Ayuso <pablo at netfilter.org> 2013-02-14
17:02:07 CET ---
Closing as it is fixed by:

07153c6 netfilter: nf_ct_ipv4: packets with wrong ihl are invalid

You can obtain the patch here:

https://patchwork.kernel.org/patch/1615761/

It''s also available at -stable starting 3.0

-- 
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.

netfilter buglog - Feb 2012 - [Bug 771] New: nf_conntrack_proto_tcp BUG??

[Bug 771] New: nf_conntrack_proto_tcp BUG??

[Bug 771] nf_conntrack_proto_tcp BUG??