diff options
author | Patrick McHardy <kaber@trash.net> | 2010-02-11 12:23:12 +0100 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2010-02-11 12:23:12 +0100 |
commit | 54101f4f3bed87fa968b57f77f8ff3b09fd88bcf (patch) | |
tree | ca56e07a111a49ca223e0ca0b69e8ab61d011b81 | |
parent | b87921bdf25485afd8f5a5f25e86b5acef32a9cf (diff) | |
download | talos-op-linux-54101f4f3bed87fa968b57f77f8ff3b09fd88bcf.tar.gz talos-op-linux-54101f4f3bed87fa968b57f77f8ff3b09fd88bcf.zip |
netfilter: nf_conntrack_sip: fix ct_sip_parse_request() REGISTER request parsing
When requests are parsed, the "sip:" part of the SIP URI should be skipped.
Usually this doesn't matter because address parsing skips forward until after
the username part, but in case REGISTER requests it doesn't contain a username
and the address can not be parsed.
Signed-off-by: Patrick McHardy <kaber@trash.net>
-rw-r--r-- | net/netfilter/nf_conntrack_sip.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/net/netfilter/nf_conntrack_sip.c b/net/netfilter/nf_conntrack_sip.c index 419c5cabb332..0ca2f2b5c2fa 100644 --- a/net/netfilter/nf_conntrack_sip.c +++ b/net/netfilter/nf_conntrack_sip.c @@ -236,12 +236,13 @@ int ct_sip_parse_request(const struct nf_conn *ct, return 0; /* Find SIP URI */ - limit -= strlen("sip:"); - for (; dptr < limit; dptr++) { + for (; dptr < limit - strlen("sip:"); dptr++) { if (*dptr == '\r' || *dptr == '\n') return -1; - if (strnicmp(dptr, "sip:", strlen("sip:")) == 0) + if (strnicmp(dptr, "sip:", strlen("sip:")) == 0) { + dptr += strlen("sip:"); break; + } } if (!skp_epaddr_len(ct, dptr, limit, &shift)) return 0; |