Re: [PATCH net-next 0/2] netfilter: conntrack: validate parsed port values in IRC and Amanda helpers
From: Pablo Neira Ayuso
Date: Thu Apr 30 2026 - 12:19:24 EST

On Thu, Apr 30, 2026 at 09:42:28PM +0530, HACKE-RC wrote:
> Both nf_conntrack_irc and nf_conntrack_amanda parse port numbers from
> application-layer protocol data using simple_strtoul(), which returns
> unsigned long. The results are stored in u16 variables without range
> checks, silently truncating values above 65535.
>
> This series adds explicit upper-bound validation in both helpers.
>
> Note: checkpatch warns about simple_strtoul being obsolete. Both
> call sites use the endptr output parameter to advance the parse
> position, which kstrtoul does not provide. Converting to kstrtoul
> would require restructuring the parsers, which is out of scope for
> this fix.
>
> HACKE-RC (2):

HAHA, this nickname is funny, it is making my day here. Thanks!

> netfilter: nf_conntrack_irc: reject DCC port values above 65535
> netfilter: nf_conntrack_amanda: reject port values above 65535
>
> net/netfilter/nf_conntrack_amanda.c | 10 ++++++----
> net/netfilter/nf_conntrack_irc.c | 7 ++++++-
> 2 files changed, 12 insertions(+), 5 deletions(-)
>
> --
> 2.54.0
>
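
The truncation described in the quoted cover letter, as an added userspace example that is not part of this thread or of the kernel patches: `strtoul()` stands in for the kernel's `simple_strtoul()`, and the function names and sample inputs are hypothetical. Both variants keep the endptr so a caller can continue parsing after the port.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper names; strtoul() stands in for simple_strtoul(). */

/* Unchecked: the unsigned long result is narrowed straight into 16 bits. */
static int parse_port_unchecked(const char *s, char **endp, uint16_t *port)
{
	unsigned long v = strtoul(s, endp, 10);

	if (*endp == s)
		return -1;		/* no digits consumed */
	*port = (uint16_t)v;		/* 65616 silently becomes 80 */
	return 0;
}

/* Checked: reject anything above 65535 before narrowing. */
static int parse_port_checked(const char *s, char **endp, uint16_t *port)
{
	unsigned long v;

	errno = 0;
	v = strtoul(s, endp, 10);
	if (*endp == s || errno == ERANGE || v > 65535)
		return -1;
	*port = (uint16_t)v;
	return 0;
}

int main(void)
{
	/* Constructed inputs: a decimal port followed by more protocol data. */
	const char *samples[] = { "6667 rest", "65535\r\n", "65616 rest" };
	size_t i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		char *end;
		uint16_t a = 0, b = 0;
		int ra = parse_port_unchecked(samples[i], &end, &a);
		int rb = parse_port_checked(samples[i], &end, &b);

		printf("%.5s: unchecked=%d port=%u, checked=%d port=%u\n",
		       samples[i], ra, (unsigned)a, rb, (unsigned)b);
	}
	return 0;
}
```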