summaryrefslogtreecommitdiffstats
path: root/src/helpers/ssdp.c
diff options
context:
space:
mode:
authorAaron Thompson <dev@aaront.org>2022-01-08 07:32:47 +0000
committerPablo Neira Ayuso <pablo@netfilter.org>2022-01-09 17:21:35 +0100
commit1034c8067b849a4306a5a249a9faaa371e7ea78c (patch)
tree499da593edfb6b784ae73fd23125d84bfbc625be /src/helpers/ssdp.c
parent91ad5a2078fe8cf4029925ea8cefca8a9b3c2995 (diff)
conntrackd: cthelper: ssdp: Fix parsing of IPv6 M-SEARCH requests.
Use the already correctly determined transport header offset instead of assuming that the packet is IPv4. Signed-off-by: Aaron Thompson <dev@aaront.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/helpers/ssdp.c')
-rw-r--r--src/helpers/ssdp.c8
1 files changed, 2 insertions, 6 deletions
diff --git a/src/helpers/ssdp.c b/src/helpers/ssdp.c
index 56526f4..0c6f563 100644
--- a/src/helpers/ssdp.c
+++ b/src/helpers/ssdp.c
@@ -48,7 +48,6 @@
#include <errno.h>
#include <stdlib.h>
#include <arpa/inet.h>
-#include <netinet/ip.h>
#define _GNU_SOURCE
#include <netinet/tcp.h>
#include <netinet/udp.h>
@@ -159,11 +158,9 @@ static int handle_ssdp_new(struct pkt_buff *pkt, uint32_t protoff,
{
int ret = NF_ACCEPT;
union nfct_attr_grp_addr daddr, saddr, taddr;
- struct iphdr *net_hdr = (struct iphdr *)pktb_network_header(pkt);
int good_packet = 0;
struct nf_expect *exp;
uint16_t port;
- unsigned int dataoff;
void *sb_ptr;
cthelper_get_addr_dst(myct->ct, MYCT_DIR_ORIG, &daddr);
@@ -201,13 +198,12 @@ static int handle_ssdp_new(struct pkt_buff *pkt, uint32_t protoff,
}
/* No data? Ignore */
- dataoff = net_hdr->ihl*4 + sizeof(struct udphdr);
- if (dataoff >= pktb_len(pkt)) {
+ if (protoff + sizeof(struct udphdr) >= pktb_len(pkt)) {
pr_debug("ssdp_help: UDP payload too small for M-SEARCH; ignoring\n");
return NF_ACCEPT;
}
- sb_ptr = pktb_network_header(pkt) + dataoff;
+ sb_ptr = pktb_network_header(pkt) + protoff + sizeof(struct udphdr);
if (memcmp(sb_ptr, SSDP_M_SEARCH, SSDP_M_SEARCH_SIZE) != 0) {
pr_debug("ssdp_help: UDP payload does not begin with 'M-SEARCH'; ignoring\n");