search for: tcp_parse_options

Displaying 1 result from an estimated 1 matches for "tcp_parse_options".

2011 Aug 21
6
[Bug 738] New: reading beyond buffer limits in nf_conntrack_proto_tcp.c::tcp_options()
...ptr += opsize - 2; 429 length -= opsize; 430 } 431 } doing 'break' at line 412 we forget to decrement 'length'. Also, there is a question: why 'break' and not just 'return'? Comment for tcp_options() says that it is a "Simplified tcp_parse_options routine from tcp_input.c", but tcp_parse_options() does 'return' in case of "partial options".