[PATCH net-next v2 0/3] netfilter: conntrack: add shared port parser and use it in IRC and Amanda helpers
From: HACKE-RC
Date: Thu Apr 30 2026 - 14:37:23 EST

Both nf_conntrack_irc and nf_conntrack_amanda parse port numbers
from application-layer protocol data using simple_strtoul(), which
relies on nul-terminated strings and returns unsigned long without
range checking. Port values above 65535 silently truncate when
stored in u16.

This v2 adds a shared nf_ct_helper_parse_port() function to the
conntrack helper core, modeled after the approach in 8cf6809cddcb
("netfilter: nf_conntrack_sip: don't use simple_strtoul"), then
converts both helpers to use it.

Changes since v1:
- Added shared nf_ct_helper_parse_port() in the helper core
  instead of open-coding range checks in each helper (Pablo)
- Parser does not rely on nul-terminated strings
- Dropped simple_strtoul usage entirely for port parsing

HACKE-RC (3):
  netfilter: conntrack: add shared port parser for helpers
  netfilter: nf_conntrack_irc: use nf_ct_helper_parse_port()
  netfilter: nf_conntrack_amanda: use nf_ct_helper_parse_port()

 include/net/netfilter/nf_conntrack_helper.h |  3 +++
 net/netfilter/nf_conntrack_amanda.c         | 11 ++++----
 net/netfilter/nf_conntrack_helper.c         | 28 +++++++++++++++++++++
 net/netfilter/nf_conntrack_irc.c            |  4 ++-
 4 files changed, 40 insertions(+), 6 deletions(-)
--
2.54.0
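
The truncation described in the cover letter, shown as an added userspace illustration that is not code from this series. The names parse_port_truncating() and parse_port_bounded() are hypothetical, strtoul() stands in for the kernel's simple_strtoul(), and rejecting port 0 is a choice of this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* "Before" pattern: strtoul-style parse stored in a 16-bit port.
 * Needs a NUL-terminated string and performs no range check. */
static uint16_t parse_port_truncating(const char *s)
{
	return (uint16_t)strtoul(s, NULL, 10);	/* 65616 becomes 80 */
}

/* "After" pattern (hypothetical, not the series' function): reads at most
 * len bytes, never looks for a NUL, rejects empty input, 0 and > 65535. */
static bool parse_port_bounded(const char *data, size_t len,
			       uint16_t *port, size_t *consumed)
{
	uint32_t val = 0;
	size_t i = 0;

	while (i < len && data[i] >= '0' && data[i] <= '9') {
		val = val * 10 + (uint32_t)(data[i] - '0');
		if (val > 65535)
			return false;	/* bail out before val can wrap */
		i++;
	}
	if (i == 0 || val == 0)
		return false;
	*port = (uint16_t)val;
	if (consumed)
		*consumed = i;
	return true;
}

int main(void)
{
	/* Constructed sample: payload bytes with no terminating NUL. */
	const char payload[4] = { '6', '6', '6', '7' };
	uint16_t port = 0;
	size_t used = 0;

	printf("truncating(\"65616\") = %u\n", parse_port_truncating("65616"));
	printf("bounded(\"65616\") ok = %d\n",
	       parse_port_bounded("65616", 5, &port, &used));
	if (parse_port_bounded(payload, sizeof(payload), &port, &used))
		printf("bounded(payload) = %u (%zu bytes)\n", port, used);
	return 0;
}
```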