From: Patrick McHardy Date: Tue, 10 Jan 2006 00:43:43 +0000 (-0800) Subject: [NETFILTER]: Fix crash in ip_nat_pptp X-Git-Tag: firefly_0821_release~39182^2~11 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=15db34702cfafd24acc60295cf14861e497502ab;p=firefly-linux-kernel-4.4.55.git [NETFILTER]: Fix crash in ip_nat_pptp When an inbound PPTP_IN_CALL_REQUEST packet is received the PPTP NAT helper uses a NULL pointer in pointer arithmentic to calculate the offset in the packet which needs to be mangled and corrupts random memory or crashes. Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller --- diff --git a/net/ipv4/netfilter/ip_nat_helper_pptp.c b/net/ipv4/netfilter/ip_nat_helper_pptp.c index e546203f5662..8ad7b36e242d 100644 --- a/net/ipv4/netfilter/ip_nat_helper_pptp.c +++ b/net/ipv4/netfilter/ip_nat_helper_pptp.c @@ -315,7 +315,7 @@ pptp_inbound_pkt(struct sk_buff **pskb, break; case PPTP_IN_CALL_REQUEST: /* only need to nat in case PAC is behind NAT box */ - break; + return NF_ACCEPT; case PPTP_WAN_ERROR_NOTIFY: pcid = &pptpReq->wanerr.peersCallID; break;