]> bbs.cooldavid.org Git - net-next-2.6.git/blobdiff - net/x25/x25_facilities.c
git://bbs.cooldavid.org / net-next-2.6.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
x25: Prevent crashing when parsing bad X.25 facilities
[net-next-2.6.git] / net / x25 / x25_facilities.c
diff --git a/net/x25/x25_facilities.c b/net/x25/x25_facilities.c
index 3a8c4c419cd4051ce0ce7a586b3d93417f768cb2..55187c8f64209c8c096fac54c88e7771834cbe3f 100644 (file)
--- a/net/x25/x25_facilities.c
+++ b/net/x25/x25_facilities.c
@@ -61,6 +61,8 @@ int x25_parse_facilities(struct sk_buff *skb, struct x25_facilities *facilities,
        while (len > 0) {
                switch (*p & X25_FAC_CLASS_MASK) {
                case X25_FAC_CLASS_A:
+                       if (len < 2)
+                               return 0;
                        switch (*p) {
                        case X25_FAC_REVERSE:
                                if((p[1] & 0x81) == 0x81) {
@@ -104,6 +106,8 @@ int x25_parse_facilities(struct sk_buff *skb, struct x25_facilities *facilities,
                        len -= 2;
                        break;
                case X25_FAC_CLASS_B:
+                       if (len < 3)
+                               return 0;
                        switch (*p) {
                        case X25_FAC_PACKET_SIZE:
                                facilities->pacsize_in  = p[1];
@@ -125,6 +129,8 @@ int x25_parse_facilities(struct sk_buff *skb, struct x25_facilities *facilities,
                        len -= 3;
                        break;
                case X25_FAC_CLASS_C:
+                       if (len < 4)
+                               return 0;
                        printk(KERN_DEBUG "X.25: unknown facility %02X, "
                               "values %02X, %02X, %02X\n",
                               p[0], p[1], p[2], p[3]);
@@ -132,6 +138,8 @@ int x25_parse_facilities(struct sk_buff *skb, struct x25_facilities *facilities,
                        len -= 4;
                        break;
                case X25_FAC_CLASS_D:
+                       if (len < p[1] + 2)
+                               return 0;
                        switch (*p) {
                        case X25_FAC_CALLING_AE:
                                if (p[1] > X25_MAX_DTE_FACIL_LEN || p[1] <= 1)
@@ -149,9 +157,7 @@ int x25_parse_facilities(struct sk_buff *skb, struct x25_facilities *facilities,
                                break;
                        default:
                                printk(KERN_DEBUG "X.25: unknown facility %02X,"
-                                       "length %d, values %02X, %02X, "
-                                       "%02X, %02X\n",
-                                       p[0], p[1], p[2], p[3], p[4], p[5]);
+                                       "length %d\n", p[0], p[1]);
                                break;
                        }
                        len -= p[1] + 2;
Clone of davem's net-next-2.6 tree