Re: [PATCH net-next v2 0/3] netfilter: conntrack: add shared port parser and use it in IRC and Amanda helpers
From: Phil Sutter
Date: Fri May 01 2026 - 06:35:16 EST
On Fri, May 01, 2026 at 12:01:53PM +0530, HACKE-RC wrote:
> Both nf_conntrack_irc and nf_conntrack_amanda parse port numbers
> from application-layer protocol data using simple_strtoul(), which
> relies on nul-terminated strings and returns unsigned long without
> range checking. Port values above 65535 silently truncate when
> stored in u16.
>
> This v2 adds a shared nf_ct_helper_parse_port() function to the
> conntrack helper core, modeled after the approach in 8cf6809cddcb
> ("netfilter: nf_conntrack_sip: don't use simple_strtoul"), then
> converts both helpers to use it.

Looking at Florian's patch, how about going the extra mile of
implementing a shared nf_ct_helper_parse_uint() which is called by the
new nf_ct_helper_parse_port(), then drop sip_strtouint() for the former
and have sip_parse_port() call the latter (wrapped by the colon and min
port value checks) in a fourth patch?

Cheers, Phil

>
> Changes since v1:
> - Added shared nf_ct_helper_parse_port() in the helper core
> instead of open-coding range checks in each helper (Pablo)
> - Parser does not rely on nul-terminated strings
> - Dropped simple_strtoul usage entirely for port parsing
>
> HACKE-RC (3):
> netfilter: conntrack: add shared port parser for helpers
> netfilter: nf_conntrack_irc: use nf_ct_helper_parse_port()
> netfilter: nf_conntrack_amanda: use nf_ct_helper_parse_port()
>
> include/net/netfilter/nf_conntrack_helper.h | 3 +++
> net/netfilter/nf_conntrack_amanda.c | 11 ++++----
> net/netfilter/nf_conntrack_helper.c | 28 +++++++++++++++++++++
> net/netfilter/nf_conntrack_irc.c | 4 ++-
> 4 files changed, 40 insertions(+), 6 deletions(-)
>
> --
> 2.54.0
>
>
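
The truncation described in the cover letter and the uint/port layering suggested in the reply, as an added userspace example that is not code from the patch series or the kernel. The names demo_parse_uint(), demo_parse_port() and legacy_parse_port() and their signatures are hypothetical, and strtoul() stands in for the kernel's simple_strtoul().

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper: parse decimal digits from buf[0..len) without needing
 * a NUL terminator. Returns bytes consumed, or 0 if there are no digits or
 * the value would exceed max. */
static size_t demo_parse_uint(const char *buf, size_t len,
                              unsigned long max, unsigned long *out)
{
    unsigned long val = 0;
    size_t i;

    for (i = 0; i < len && buf[i] >= '0' && buf[i] <= '9'; i++) {
        unsigned long digit = (unsigned long)(buf[i] - '0');

        /* Reject before val * 10 + digit can exceed max (no wraparound). */
        if (digit > max || val > (max - digit) / 10)
            return 0;
        val = val * 10 + digit;
    }
    if (i == 0)
        return 0;
    *out = val;
    return i;
}

/* Hypothetical wrapper: a port is an unsigned integer capped at 65535. */
static size_t demo_parse_port(const char *buf, size_t len, uint16_t *port)
{
    unsigned long val;
    size_t used = demo_parse_uint(buf, len, UINT16_MAX, &val);

    if (used)
        *port = (uint16_t)val;
    return used;
}

/* The replaced pattern: needs a NUL-terminated string, truncates into u16. */
static uint16_t legacy_parse_port(const char *s)
{
    return (uint16_t)strtoul(s, NULL, 10);
}

int main(void)
{
    uint16_t p = 0;
    size_t used = demo_parse_port("65616", 5, &p);  /* constructed input */
    printf("legacy=%u bounded_used=%zu\n", (unsigned)legacy_parse_port("65616"), used);
    return 0;
}
```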