netfilter: nf_tables: fix oob access

[mirror_ubuntu-artful-kernel.git] / net / netfilter / nf_conntrack_sip.c

diff --git a/net/netfilter/nf_conntrack_sip.c b/net/netfilter/nf_conntrack_sip.c
index 621b81c7bddc5d486dff5cff77c4070a41edda36..c3fc14e021ecf55ba9085cd7ee7a86bfc5352750 100644 (file)
--- a/net/netfilter/nf_conntrack_sip.c
+++ b/net/netfilter/nf_conntrack_sip.c
@@ -1436,9 +1436,12 @@ static int process_sip_request(struct sk_buff *skb, unsigned int protoff,
                handler = &sip_handlers[i];
                if (handler->request == NULL)
                        continue;
-               if (*datalen < handler->len ||
+               if (*datalen < handler->len + 2 ||
                    strncasecmp(*dptr, handler->method, handler->len))
                        continue;
+               if ((*dptr)[handler->len] != ' ' ||
+                   !isalpha((*dptr)[handler->len+1]))
+                       continue;
 
                if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_CSEQ,
                                      &matchoff, &matchlen) <= 0) {