From: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Date: Tue, 30 Aug 2011 13:45:10 +0000 (+0200)
Subject: netfilter: nf_ct_tcp: fix incorrect handling of invalid TCP option
X-Git-Tag: v3.1-rc7~25^2~12^2~5^2~2
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4a5cc84ae7e19fb7a72a30332ba67af43e0ad1ad;p=pandora-kernel.git

netfilter: nf_ct_tcp: fix incorrect handling of invalid TCP option

Michael M. Builov reported that in the tcp_options and tcp_sack functions
of netfilter TCP conntrack the incorrect handling of invalid TCP option
with too big opsize may lead to read access beyond tcp-packet or buffer
allocated on stack (netfilter bugzilla #738). The fix is to stop parsing
the options at detecting the broken option.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
---

Reading git-diff-tree failed