netfilter: nf_conntrack_irc: Tighten matching on DCC message (88ca7b80) · Commits · Summer2022 / 22b970264

Commit 88ca7b80 authored 2 years ago by

David Leadbeater Committed by Yongqiang Liu 2 years ago

netfilter: nf_conntrack_irc: Tighten matching on DCC message

mainline inclusion
from mainline-v6.0-rc6
commit e8d5dfd1d8747b56077d02664a8838c71ced948e
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I5OWZ7


CVE: CVE-2022-2663

---------------------------

CTCP messages should only be at the start of an IRC message, not
anywhere within it.

While the helper only decodes packes in the ORIGINAL direction, its
possible to make a client send a CTCP message back by empedding one into
a PING request.  As-is, thats enough to make the helper believe that it
saw a CTCP message.

Fixes: 869f37d8 ("[NETFILTER]: nf_conntrack/nf_nat: add IRC helper port")
Signed-off-by: David Leadbeater <dgl@dgl.cx>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Liu Jian <liujian56@huawei.com>
Reviewed-by: Yue Haibing <yuehaibing@huawei.com>
Reviewed-by: Xiu Jianfeng <xiujianfeng@huawei.com>
Signed-off-by: Yongqiang Liu <liuyongqiang13@huawei.com>

parent d4a36267

No related branches found

No related tags found

No related merge requests found

Hide whitespace changes

Inline Side-by-side

Showing with 28 additions and 6 deletions

Please register or to comment