nf_conntrack_h323: add checking of out-of-range on choices' index values

author Jing Min Zhao <zhaojingmin@vivecode.com>

Thu, 5 Jul 2007 18:42:14 +0000 (20:42 +0200)

committer Greg Kroah-Hartman <gregkh@suse.de>

Sat, 7 Jul 2007 04:52:13 +0000 (21:52 -0700)
author Jing Min Zhao <zhaojingmin@vivecode.com>
Thu, 5 Jul 2007 18:42:14 +0000 (20:42 +0200)
committer Greg Kroah-Hartman <gregkh@suse.de>
Sat, 7 Jul 2007 04:52:13 +0000 (21:52 -0700)
diff --git a/net/netfilter/nf_conntrack_h323_asn1.c b/net/netfilter/nf_conntrack_h323_asn1.c

index f6fad713d484d7558184bf3436031c93948ee60f..6b7eaa019d4c84883e62bf2cbce2e7d1afbe702b 100644 (file)
--- a/net/netfilter/nf_conntrack_h323_asn1.c
+++ b/net/netfilter/nf_conntrack_h323_asn1.c
@@ -518,7 +518,7 @@ int decode_seq(bitstr_t * bs, field_t * f, char *base, int level)
                         CHECK_BOUND(bs, 2);
                         len = get_len(bs);
                         CHECK_BOUND(bs, len);
-                       if (!base) {
+                       if (!base || !(son->attr & DECODE)) {
                                 PRINT("%*.s%s\n", (level + 1) * TAB_SIZE,
                                       " ", son->name);
                                 bs->cur += len;
@@ -704,6 +704,8 @@ int decode_choice(bitstr_t * bs, field_t * f, char *base, int level)
         } else {
                 ext = 0;
                 type = get_bits(bs, f->sz);
+               if (type >= f->lb)
+                       return H323_ERROR_RANGE;
         }
  
         /* Write Type */
author	Jing Min Zhao <zhaojingmin@vivecode.com>
	Thu, 5 Jul 2007 18:42:14 +0000 (20:42 +0200)
committer	Greg Kroah-Hartman <gregkh@suse.de>
	Sat, 7 Jul 2007 04:52:13 +0000 (21:52 -0700)