[PATCH net-next v2 2/3] netfilter: nf_conntrack_irc: use nf_ct_helper_parse_port()

Next message: HACKE-RC: "[PATCH net-next v2 3/3] netfilter: nf_conntrack_amanda: use nf_ct_helper_parse_port()"
Previous message: HACKE-RC: "[PATCH net] ipv6: rpl: fix hdrlen overflow in ipv6_rpl_srh_decompress()"
In reply to: Phil Sutter: "Re: [PATCH net-next v2 1/3] netfilter: conntrack: add shared port parser for helpers"
Next in thread: HACKE-RC: "[PATCH net-next v2 3/3] netfilter: nf_conntrack_amanda: use nf_ct_helper_parse_port()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: HACKE-RC

Date: Fri May 01 2026 - 02:34:01 EST

Replace the bare simple_strtoul() call for port parsing with the
shared nf_ct_helper_parse_port(). This avoids reliance on the
nul-terminated string guarantee (currently provided by the newline
scan earlier in parse_dcc) and validates the port fits in u16.

The simple_strtoul() for the IP address field is left as-is since
it returns unsigned long for a __be32 conversion, which is a
separate concern.

Fixes: 869f37d8e48f ("[NETFILTER]: nf_conntrack/nf_nat: add IRC helper port")
Signed-off-by: HACKE-RC <rc@xxxxxxxxx>
---
net/netfilter/nf_conntrack_irc.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/net/netfilter/nf_conntrack_irc.c b/net/netfilter/nf_conntrack_irc.c
index 522183b9a..1b51f5a6a 100644
--- a/net/netfilter/nf_conntrack_irc.c
+++ b/net/netfilter/nf_conntrack_irc.c
@@ -93,7 +93,9 @@ static int parse_dcc(char *data, const char *data_end, __be32 *ip,
data++;
}

- *port = simple_strtoul(data, &data, 10);
+ if (nf_ct_helper_parse_port(data, data_end - data, port, &data))
+ return -1;
+
*ad_end_p = data;

return 0;
--
2.54.0