Gitiles
Code Review Sign In
review.shift-gmbh.com / SHIFTPHONES / kernel / common / 6613b6173dee098997229caf1f3b961c49da75e6
commit6613b6173dee098997229caf1f3b961c49da75e6[log] [tgz]
authorFlorian Westphal <fw@strlen.de>Tue Jul 17 21:03:15 2018 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>Fri Jul 20 15:31:44 2018 +0200
treec9a2de23089be23f4ae25930b67781c45823156b
parentc6cc94df65c3174be92afbee638f11cbb5e606a7 [diff]
netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state

When first DCCP packet is SYNC or SYNCACK, we insert a new conntrack
that has an un-initialized timeout value, i.e. such entry could be
reaped at any time.

Mark them as INVALID and only ignore SYNC/SYNCACK when connection had
an old state.

Reported-by: syzbot+6f18401420df260e37ed@syzkaller.appspotmail.com
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
1 file changed
tree: c9a2de23089be23f4ae25930b67781c45823156b
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. LICENSES/
  15. mm/
  16. net/
  17. samples/
  18. scripts/
  19. security/
  20. sound/
  21. tools/
  22. usr/
  23. virt/
  24. .clang-format
  25. .cocciconfig
  26. .get_maintainer.ignore
  27. .gitattributes
  28. .gitignore
  29. .mailmap
  30. COPYING
  31. CREDITS
  32. Kbuild
  33. Kconfig
  34. MAINTAINERS
  35. Makefile
  36. README